Syed Imran Haider 
According to a media report, Yahoo! – a veteran web company, emerged as the most frequently phished brand in phishing attacks during the last three months of 2022. Check Point issued a Brand phishing report, highlighting the organization most recurrently exploited by cyber-attacks to steal personal or credit card detail.
The research unit at Check Point observed a 23 percent increase in the illegal use of Yahoo!, which accounted for 23% of renowned attempts. It led to a continuous campaign in which cyber criminals sent emails with the subject ‘Award Center’ or ‘Awards Promotion’. These emails informed the sufferers they had won thousands of dollars in an online contest organized by Yahoo!
Fake Online Contest
While no such online contest existed, the campaign seemingly aimed to have fraud targets out of their bank details, supposedly needed to transfer the prize amount. The emails sent under the campaign comprised a threat not to reveal having won the prize money, mentioning legal issues.
Omer Dembinsky, Check Point’s data group manager, said the company seeks hackers offering significant amounts of money and awards in an attempt to bait their targets. These contests look genuine, though users can protect themselves from a phished brand’s attack by ignoring suspicious links or attachments. They must check the URL of the webpage the email has asked them to direct to before clicking it. It is imperative to check to spell and avoid volunteering unnecessary details.
The rise in representation of Yahoo! branding was remarkable. It is not the same online force it used to be in the 2000s, though the most phished brands remained social media and technology firms and worked as logistics and shipping companies.
Campaigns that used shipping as bait in the form of a missed delivery notification seemed to be highly active during the celebratory period. It accounted for 16 percent of observed attempts in the telemetry of Check Point with DHL, keeping it second behindhand Yahoo!
More About Phishing
Some more widespread campaigns included a fake verification email claiming to arise from Instagram. For instance, a malicious campaign exploited Microsoft Teams, emailing with the subject line that tells the user they have been added to a new team.
It has proven a highly effective movement for their creators to meet the target. Messages on Instagram went up to individuals’ desire for acknowledgment or feeling like they get something uncommon feature of phishing campaigns. On the other hand, the emails claiming to be from Microsoft succeeded in exploiting the widespread use of Microsoft Teams in the modern workforce, imitating legitimate messages.
