Twenty-two percent of all brand phishing attempts around the world between July and September have been attributed to DHL, making the logistics firm the most impersonated brand in phishing emails in the third quarter, followed by Microsoft and LinkedIn, which was the most spoofed brand during the first two quarters of 2022, The Register reports.
Malicious actors involved in one of the phishing campaigns involving DHL impersonated DHL Express in a message luring recipients into clicking a malicious link for updating delivery addresses, which instead redirects to a fraudulent website seeking victims' names and passwords, which are then harvested to facilitate further compromise, according to a Check Point report.
Researchers also found that a phony OneDrive email had been used in a separate phishing campaign that sought to exfiltrate Microsoft account information.
"Think twice before opening email attachments or links, especially emails that claim to be from companies such as DHL, Microsoft or LinkedIn," said Check Point.
Attackers have been leveraging the new "file archive in the browser" phishing technique that enables the creation of realistic phishing pages masquerading as legitimate file archive software, with hosting on a .ZIP domain further establishing the legitimacy of the scheme, reports The Hacker News.
BleepingComputer reports that recent phishing attacks by the QBot malware operation, also known as Qakbot, have involved the exploitation of a DLL hijacking flaw in the Windows 10 WordPad executable "write.exe."
Microsoft credentials targeted new phishing attacks with RPMSG files New phishing attacks involving compromised Microsoft 365 accounts and encrypted restricted permission message, or RPMSG, files, are being leveraged by threat actors to facilitate the stealthy exfiltration of Microsoft credentials, according to BleepingComputer.