Dive Brief:
- Shipping and logistics is the fourth most-likely industry to be used in phishing scams, with perpetrators impersonating brands such as DHL, FedEx and the U.S. Postal Service, according to the internet and cybersecurity Cloudflare.
- Phishing involves a bad actor attempting to steal sensitive information by impersonating a reputable source. In the company's list of the top 50 brands across industries that scammers try to impersonate, DHL ranked fourth, FedEx ranked 40th and the Postal Service ranked 42nd.
- Cloudflare's rankings are based on the most commonly clicked domains associated with phishing URLs. Domains used for shared services, such as hosting sites Google and Amazon, that could not be verified as a phishing attempt were not included.
Where the shipping and logistics industry ranks among most likely brands to be impersonated in phishing scams
| Rank | Brand | Sample domain used for phishing |
|---|---|---|
| 4 | DHL | dhlinfos[.]link |
| 14 | Swiss Post | www[.]swiss-post-ch[.]com |
| 38 | InPost | www.inpost-polska-lox.order9512951[.]info |
| 39 | Correos | correosa[.]online |
| 40 | FedEx | fedexpress-couriers[.]com |
| 42 | United States Postal Service | uspstrack-7518276417-addressredelivery-itemnumber.netlify[.]app |
| 45 | Deutscher Paketdienst | dpd-info[.]net |
Source: Cloudflare
Dive Insight:
The daily presence of logistics companies in consumers' lives, especially with the prevalence of online delivery status updates, makes them a prime target for phishing scams.
"When something goes wrong with shipping, e.g., a signature was required but nobody was home, consumers know they must act fast to avoid further delays," Cloudflare VP of Product Patrick Donahue said in an email. "As a result, phishing attacks targeting logistics companies often use negative lures and play on the need for consumers to take quick, corrective action."
Shippers can take steps to protect their employees and customers from phishing attacks that impersonate carriers, Donahue said. This can include cybersecurity solutions such as remote browser isolation and brand protection programs that can monitor and take down instances of impersonation.
"[Businesses] should also ensure email security settings such as DMARC, DKIM, and SPF are correctly configured, and should avoid using unfamiliar domains to send emails to their customers," Donahue said.
But even when businesses are vigilant against phishing attacks, it's difficult for users to spot the minor differences in an attacker's email or website versus a legitimate source, according to a blog post on Cloudflare's website. The sheer volume of phishing attacks is also a challenge.
Shipping and logistics companies aren't the only enterprises that have to worry about phishing threats. Finance, technology and telecom brands were the most commonly impersonated industries, according to Cloudflare. The top three most-phished brands, in order, are AT&T, PayPal and Microsoft.
