Yahoo tops the list of the 10 most attacked brands in Q4 after a massive phishing campaign

Check Point Research (CPR) has released its Brand Phishing report for the fourth quarter of 2022, in which it highlights the brands most frequently impersonated by criminals during the months of October, November and December 2022. Yahoo became the top brand spoofed in phishing attacks last quarter, rising 23 places in the ranking from the previous quarter. Cybercriminals send emails with subject lines that suggest the recipient has won prizes and money. CPR warns recipients to be wary of emails that appear “too good to be true.”

• 20% of all brand phishing attempts last quarter involved Yahoo

• Followed by DHL (16%), Microsoft (11%), Google (5.8%) and LinkedIn (5.7%).

• CPR presents concrete examples of brand phishing attempts seen recently, including Instagram, Microsoft and Adobe.

Top 10 most imitated brands

1. Yahoo (20%)

2. DHL (16%)

3. Microsoft (11%)

4. Google (5.8%)

5. LinkedIn (5.7%)

6. WeTransfer (5.3%)

7. Netflix (4.4%)

8. FedEx (2.5%)

9. HSBC (2.3%)

10. WhatsApp (2.2%)

What is a Brand Phishing Attack?

In a brand phishing attack, criminals attempt to impersonate the official website of a well-known brand by using a domain name or URL and a web page layout similar to those of the real website. A link to the fake website can be sent to targeted people via email or SMS. A user can also be redirected while browsing the web, or the redirect can be triggered by a rogue mobile app. The fake site usually contains a form intended to steal users’ credentials, bank details or other personal information.

Spotlight on Yahoo!

In the fourth quarter of 2022, 20% of all brand phishing attempts were linked to Yahoo. CPR discovered campaigns that included malicious phishing emails that used Yahoo branding with the subject line “YAHOO AWARD” and were sent by senders with usernames such as “Award Promotion”, “Award Center”, “info winning” or “Award Winning.”

The email content distributed in the campaign informed victims that they had “won” prizes worth hundreds of thousands of dollars in contests organized by Yahoo. The email then asks recipients to send their personal and bank details, under the guise that this information is required to transfer the prize money to their account. Furthermore, the e-mail indicates that the victim should not inform his relatives that he won the prize, for legal reasons.

Quote: Omer Dembinsky, Data Group Manager at Check Point Software:

“In the last quarter, 20% of all brand phishing attempts were linked to Yahoo, putting it at the very top of the list of most imitated brands. Hackers are observed to try to deceive people by dangling rewards and prizes to be won. But if it’s too good to be true, it almost always is. In general, the IT sector was mostly imitated by brand phishing in the last quarter, followed by shipping and social networks. DHL reached second place in the fourth quarter with 16% of all brand phishing attempts, ahead of Microsoft in third place with 11%. If DHL comes second, it will no doubt be due to the traditional online shopping season of Black Friday, Cyber Monday and the race for Christmas gifts online, where hackers are using their name to send “fake delivery notification”.

To protect yourself from a brand phishing attack, do not click on suspicious links or attachments and always check the URL of the page you are directed to. Pay attention to spelling mistakes and do not provide unnecessary information.”

Examples: Instagram, Microsoft and Adobe

CPR detected a malicious phishing email sent from “badge@mail-ig[.]com”. The email is sent with the subject “blue badge form”, and its contents attempt to convince the victim to click on a malicious link by claiming that the victim’s Instagram account has been reviewed by the Facebook team (the owner of the Instagram brand) and is deemed eligible for the Blue Badge.

Below is an attempt to steal a user’s Microsoft account information. The email, sent from the address “teamsalert_Y3NkIGpoY2pjc3dzandpM3l1ODMzM3Nuc2tlY25taXc@gmx[.]com[.]my” under the sender’s fake name “Teams”, contains the subject “you have been added to a new team”.

The attacker aims to trick the victim into clicking on the malicious link by pretending that they have been added to a new team in the app. Choosing to confirm cooperation leads to the malicious website “https://u31315517[.]side[.]sendgrid[.]net/ls/click” which is no longer active.

The phishing email below, branded with Adobe, was sent from “grupovesica@adobe-partner[.]com”, and its subject, originally in Spanish, reads: “Activate your license! Take advantage of its benefits” (original: “¡Activa tu licencia! Aprovecha sus beneficios”). In the email, the victim is encouraged to contact professionals to help them use the application license.

Clicking on the link contained in the e-mail (“https://adobeconciergeservices[.]com/_elink/bfgkw374wekci/bcplw9h143poj/bdpip0zrm95o3”) opens a new draft message in Outlook addressed to a foreign email address (not associated with Adobe), where the user must enter credit details and information for “activating” the license.
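The three senders quoted above share one trait: a brand name appears in the display name or in the domain, but the domain is not one the brand owns. The check below is an added illustration of a mail-filter rule for that mismatch, not CPR's detection logic; the brand hints and the allowlist of official domains are assumptions.

```python
import re

# Assumed table: brand -> (tokens that hint at the brand, domains it owns).
# Both columns are illustrative; a mail team would maintain the real list.
BRANDS = {
    "instagram": ({"instagram", "ig"}, {"instagram.com"}),
    "microsoft": ({"microsoft", "teams"}, {"microsoft.com"}),
    "adobe": ({"adobe"}, {"adobe.com"}),
}

def refang(value):
    """Turn a defanged indicator (mail-ig[.]com) back into a plain string."""
    return value.replace("[.]", ".")

def owned_by(domain, official):
    """True if domain equals, or is a subdomain of, an official domain."""
    return any(domain == d or domain.endswith("." + d) for d in official)

def impersonated_brand(display_name, address):
    """Return the brand a sender invokes without belonging to it, else None."""
    domain = refang(address).rsplit("@", 1)[-1].lower()
    # Brand hints are taken from the display name and the domain's own labels.
    tokens = set(re.split(r"[^a-z0-9]+", (display_name + " " + domain).lower()))
    for brand, (hints, official) in BRANDS.items():
        if tokens & hints and not owned_by(domain, official):
            return brand
    return None

# (display name, address): the first three are the senders quoted in the
# article, defanged as printed; the last three are constructed controls.
SAMPLES = [
    ("", "badge@mail-ig[.]com"),
    ("Teams", "teamsalert_Y3NkIGpoY2pjc3dzandpM3l1ODMzM3Nuc2tlY25taXc@gmx[.]com[.]my"),
    ("", "grupovesica@adobe-partner[.]com"),
    ("Adobe", "news@mail.adobe.com"),         # real subdomain: not flagged
    ("Adobe", "news@adobe.com.example.net"),  # brand as a left-hand label: flagged
    ("Alice", "alice@example.org"),           # no brand claimed
]

def check_samples():
    """Run the rule over SAMPLES and return the verdict for each sender."""
    return [impersonated_brand(name, addr) for name, addr in SAMPLES]

if __name__ == "__main__":
    for (name, addr), verdict in zip(SAMPLES, check_samples()):
        print(f"{name or '-':6} {addr:72} -> {verdict}")
```

The suffix comparison in `owned_by` is what separates a genuine subdomain such as `mail.adobe.com` from a lookalike that merely contains the brand string.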
