Over the years, one prime contestant held the crown as "brand most abused for phishing". Yep, you guessed it - Microsoft. While the tech giant may soon reclaim its title, Q4 of 2021 brought in a wave of change and DHL overtook Microsoft's top spot (as reported by Check Point). Another delivery service  surprise last quarter was FedEx, which made the top 10 list for the first time. Well, December definitely is the busiest month of the year in retail, so with Covid-19 still affecting physical businesses and online shopping on a constant rise (10% in 2021), no wonder threat actors prey on expectant shoppers waiting for that sweater they ordered for Mom.

According to Check Point's Q4 Brand Phishing Report, these are the leading brands that are most frequently imitated by cyber criminals for phishing:

  1. DHL (related to 23% of all phishing attacks globally)
  2. Microsoft (20%)
  3. WhatsApp (11%)
  4. Google (10%)
  5. LinkedIn (8%)
  6. Amazon (4%)
  7. FedEx (3%)
  8. Roblox (3%)
  9. PayPal (2%)
  10. Apple (2%)


In addition to targeting end users with well-known brands, threat actors are also known for using brands against the very companies themselves. By phishing their employees, hackers can find a crack in the fence to breach through and propagate throughout the whole network. And what easier way to breach a company is there than with a highly legitimate-looking typosquat and email phish of its own brand?


How to prevent targeted, brand-based breaches

ThreatSTOP blocklists are made up of 800+ threat intelligence sources, including various phishing and typosquat IOC sources. Implementing these automatically protect ThreatSTOP users from falling victim to phishing attacks impersonating DHL and Microsoft in the first place (even if someone on the network clicks the malicious email link - their DNS traffic will be blocked at the gateway and no communication with the phishing page will be made). Not a ThreatSTOP customer yet? Talk to an analyst to hear what it's all about here.

To block targeted attacks on your own brand, ThreatSTOP also provides users with the option of creating their own custom user defined blocklists (UDLs). Our system supports highly customizable DNS (RPZ) responses, so we can easily rewrite any FQDN to any other FQDN. Using our Typosquat Protection Feature, ThreatSTOP customers can create custom lists with all possible typosquatted permutations of their most commonly used domains, including their own business domain. These lists get instantly propagated to their ThreatSTOP IP or DNS firewall product, saving potential victims from typosquats serving phishing and malware.


Create Custom UDL


Not a ThreatSTOP customer yet? Want to see ThreatSTOP instantly eliminate attacks on your network?

Get a Demo