Did you get an email from Microsoft, or a criminal?

Big tech accounts for over half of brand imposters

Arthur Gaplanyan

Email attacks have been around since the dawn of email, so I’m sure you’re no stranger to the countless threats that lurk in email inboxes. Have you ever considered that an email from Microsoft could potentially be one of these nightmare attacks?

Microsoft, the widely recognized and trusted tech giant, has unfortunately become a prime target for phishing attacks. These attacks involve cybercriminals sending emails containing malicious links or files with the intention of stealing your valuable data.

While it’s important to note that Microsoft is not responsible for these attacks, it’s crucial for both you and your employees to remain vigilant and cautious of anything that seems even remotely suspicious.

A recent report from Check Point Research analyzed the details of phishing attacks for Q2 2023.

Microsoft took the top position as the number one brand that attackers impersonate during their attacks, at a whopping 29% of all phishing attacks.

That’s nearly 10% higher than the number two position, which is Google at 19.5%. Apple comes in a distant third at 5.2%. Add all those up and the three tech giants account for nearly 54% of all brand imitation phishing attacks.

How do brand imitation attacks affect your business?

Well, attacks are designed to steal data – which is highly valuable to criminals. As if losing your personal data or financial information isn’t bad enough, falling for a scam with your business data opens the doors to a larger vault of information, opportunities, and financial gain.

The trick is to stay observant at all times. Attacks are always present but seem to come in surges and trends. Right now, there is a noticeable surge in fraudulent emails targeting Windows and Microsoft 365 users worldwide.

While the most impersonated brands may change from quarter to quarter, cybercriminal tactics often remain consistent. They employ logos, colors, and fonts that appear legitimate. Phishing scams often use domains or URLs that resemble the real thing. However, a careful review of these, along with the content of the messages, can often reveal typos and errors – clear indicators of a phishing attempt.

One of the recent attacks suggests unusual sign-in activity on your Microsoft account, directing you to a potentially malicious link. One version of this attack doesn’t even use text to do so, but an image of a QR code to direct you where the attacker wants you to go. These links are crafted to pilfer everything from login details to payment information.

Furthermore, even though the big tech companies are the most popular targets, they aren’t the only brands criminals impersonate. Financial institutions, ecommerce sites, and social media are likely brands to be impersonated too.

Wells Fargo is number 4 on the list, with Amazon and Walmart taking spots 5 and 6. Facebook and LinkedIn are also in the top 10, as well as Home Depot and the popular gaming site Roblox.

What steps can you take to safeguard your business?

The solution might be simpler than you imagine. The most effective approach to combat phishing is to slow down, carefully assess, and analyze. Look out for inconsistencies in URLs, domains, and message content. Using a password manager to validate the sites you are logging into, as well as MFA as a secondary security measure, will increase your protection a hundredfold. Of course, having an advanced security solution that monitors your business’s network and devices will give you professional protection 24/7.
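Part of the URL and domain review described above can be automated. The following Python is an added example, not code from this article or from Check Point Research: it checks whether a link's host really belongs to Microsoft, Google or Apple, or only resembles one of them. The allow-list of official domains, the function names `fold` and `check_link`, the 0.85 similarity threshold, and the sample links are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: a short, incomplete allow-list of real domains for the three
# most-impersonated brands named in the article.
OFFICIAL = {
    "microsoft": ("microsoft.com", "microsoftonline.com", "office.com"),
    "google": ("google.com",),
    "apple": ("apple.com", "icloud.com"),
}
# Digit-for-letter swaps commonly used to fake a brand name.
SWAPS = str.maketrans("0135", "oles")


def fold(label):
    """Undo common look-alike substitutions so 'rnicros0ft' reads 'microsoft'."""
    return label.translate(SWAPS).replace("rn", "m").replace("vv", "w")


def check_link(url):
    """Return (verdict, brand): official, lookalike, unrelated or invalid."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ("invalid", None)
    # An official link's host is a brand domain or a subdomain of one.
    for brand, domains in OFFICIAL.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return ("official", brand)
    # Otherwise look for a brand name, or a near miss, anywhere in the host
    # or in the user@ part, which is not where the browser connects.
    text = f"{parts.username or ''}.{host}".lower()
    for label in filter(None, re.split(r"[.\-]", text)):
        folded = fold(label)
        for brand in OFFICIAL:
            near = SequenceMatcher(None, folded, brand).ratio() >= 0.85
            if brand in folded or near:
                return ("lookalike", brand)
    return ("unrelated", None)


# Constructed sample links; the fake hosts use the reserved .example TLD.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2",
    "https://account.micros0ft-security.example/signin",
    "http://microsoft.com.verify-account.example/",
    "https://apple.com@portal.example/id",
    "https://gooogle.example/",
]
if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link)
```

A `lookalike` verdict means the link deserves a closer look, not that it is malicious; an unrelated host that happens to contain a brand name, such as one with "pineapple" in it, will also match.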

If you’re interested in keeping your team well-informed about these risks, feel free to reach out to us for assistance.