DHL Sits Atop The Top 10 Most Spoofed Brands In Phishing Attacks Exceeding Even Microsoft

DHL electric delivery truck

Microsoft has been toppled from its position on at least one list, but it’s doubtful the company is too upset over it. International shipping service DHL took the No. 1 spot as most-imitated (spoofed) brand in phishing attacks for the fourth quarter of 2021.

In many phishing attacks, the attacker tries to fool the victim into giving up personal information like user names and passwords. To pull this off, some hackers will send emails that look like they come from trusted brands. In years past, Microsoft has been the most-imitated brand.

DHL spoofing email
One example of an email used in phishing attacks (image credit: Check Point)

The Q4 period of just about any year is ripe for the picking for phishers, with the uptick in e-commerce. Those who would love to illegally part you from your money send out mass emails, purporting such things as a branch to your online account, a purchase that’s pending and needs your confirmation, or, in DHL’s case, verifying delivery details for a package.

That’s exactly what one email tried to do. Recipients, believing they had a DHL package to manage, clicked a link that should have gone to the courier’s website. Instead, they ended up on a carefully constructed fake that aimed to steal their identity.

Side-by-side comparison of counterfeit DHL website and the real site
Side by side comparison of fake DHL site (left) and the real site

During Q4 2021, DHL imitators accounted for 23 percent of all phishing attacks globally, according to a recent Check Point report. Microsoft fell to second place, with 20 percent. Also in the top 5 were WhatsApp (11%), Google (10%), and LinkedIn (8%).

Rounding out the top 10 imitated brands were Amazon, FedEx, Roblox, Paypal, and Apple. To help protect yourself from falling victim to such an attack, always be careful about divulging any personal data and credentials online. Think twice before opening email attachments or links, especially when the email claims to be from DHL, Microsoft, or WhatsApp.