DHL, The Most Imitated Brand In Phishing Attacks In Fourth Quarter Of 2021


Malicious actors on the web use various of strategies to lure and trick their victims.

And one of the most popular ways, based on the success, is by impersonating famous people or brands. And in the fourth quarter of 2021, the brand that is the most impersonated, was DHL, the international package delivery and express mail service.

According to a report by threat intelligence firm Check Point Research, DHL was the most imitated brand in phishing campaigns throughout Q4 2021, pushing Microsoft to second place, and Google to fourth.

This finding isn't at all surprising, considering that the final quarter of every ear includes the Black Friday, Cyber Monday, and Christmas shopping season.

It's predicted that scammers would likely to impersonate delivery services at that time of the year.

And here, DHL alone is among the largest, with more than 1.5 billion parcels delivered every single year.


The method used by the scammers, is to target people who were waiting for a DHL package to arrive.

Malicious actors would impersonate DHL, and lure victims using notifications, like saying that their package is stuck at customs and requires action for clearance, to supposed tracking numbers that hide inside documents attachments or embedded links.

In an example presented on the Check Point report, a phishing campaign used spoofed DHL customer support email addresses to send the "shipment notification" message.

In this case, the email requests the victim to verify their identity, which takes place on a phishing page that is made to look exactly like the real DHL website.

Omer Dembinsky, data research group manager at Check Point Software, said that it is extremely important to remember that cybercriminals are opportunists who will often take advantage of consumer trends by imitating popular brands.

"This quarter, for the first time, we've seen global logistics company DHL top the rankings as the most likely brand to be imitated, presumably to capitalize on the soaring number of new and potentially vulnerable online shoppers during the year's busiest retail period," Dembinsky said.

"Older users in particular, who are less likely to be as technologically savvy as younger generations, will be shopping online for the first time and might not know what to look for when it comes to things like delivery confirmation emails or tracking updates. Furthermore, the rise in COVID cases has people relying on the shipping service more, and cyber criminals are likely trying to capitalize on people choosing to stay in doors more."

DHL phishing
A fraudulent HDL login page with credentials request (left), and the real login page for DHL (right). (Credit: Check Point Research)

According to a report by Check Point, the top ten brands impersonated by phishing actors in Q4 2021 are the following:

  1. DHL (23% of all phishing attacks globally).
  2. Microsoft (20%).
  3. WhatsApp (11%).
  4. Google (10%).
  5. LinkedIn (8%).
  6. Amazon (4%).
  7. FedEx (3%).
  8. Roblox (3%).
  9. Paypal (2%).
  10. Apple (2%).

The revelation is part of Check Point's Q4 Brand Phishing Report for 2021, which ranks the top 10 most imitated brands in October, November and December.

"Unfortunately, there's only so much brands like DHL, Microsoft and WhatsApp -- which represent the top 3 most imitated brands in Q4 -- can do to combat phishing attempts. It's all too easy for the human element to overlook things like misspelt domains, typos, incorrect dates or other suspicious details, and that's what opens the door to further damage. We'd urge all users to be very mindful of these details when dealing with the likes of DHL in the coming months."