During the fourth quarter of 2022, Yahoo was the target of twenty percent of all brand phishing attempts. Investigators discovered tactics that involved sending harmful phishing emails posing as Yahoo using the company’s branding. These had “YAHOO AWARD” in the subject line, and they were sent by senders with names like “Award Promotion,” “Award Center,” “info Winning,” and “Award Winning.” The victims were told, inside the body of the email that was sent out as part of the campaign, that they had won prize money that had been coordinated by Yahoo and was worth hundreds of thousands of dollars. It claims that it will transfer the winning prize money to the recipient’s bank account if they provide their personal information as well as the account information for their bank. In addition, the email includes a warning that the recipient must keep quiet about obtaining the award due to the fact that it might lead to legal complications.
In the fourth quarter, DHL moved up to the second position with 16% of all brand phishing attempts, passing Microsoft, which remained in the third spot with 11%.
This past quarter, the industry of technology was the one most likely to be replicated by brand phishing, followed by the business of shipping and social networks.
The following is a ranking of the top 10 brands in terms of their total presence in brand phishing events during the fourth quarter of 2022:
Example of an Instagram Phishing Email Used to Steal Accounts
Researchers discovered a malicious phishing email that was sent from “badge@mail-ig[.]com” as part of a campaign that used Instagram’s branding. The email was sent with the subject line “blue badge form,” and its content (shown in Figure 1) tries to convince the victim to click on a malicious link by claiming that the victim’s Instagram account has been reviewed by the Facebook team (the owner of the Instagram brand) and has been deemed eligible for the Blue Badge. The email was sent with the subject line “blue badge form,” and it was sent with the content shown in Figure 1. They are need to fill out a form in order to acquire the badge. The link takes users to a malicious website that asks them to input their login and password. The website’s address is “https://www.verifiedbadgecenters.xyz/contact/,” and it can be found here
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.