Watch out - that unexpected Microsoft alert could well be a phishing attack

News
By published

Many brand-imitating attacks were Microsoft-related

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
(Image credit: weerapatkiatdumrong / Getty Images)

Microsoft is now the most imitated brand when it comes to phishing attacks, new research has warned

The latest findings from Check Point’s Threat Intelligence division found that during the second quarter of 2023, Microsoft climbed to top place, up from third in the previous quarter, accounting for 29% of brand phishing attempts, placing it far ahead of Google in second place (at 19.5%) and Apple in third place (at 5.2%). Together, the three tech titans account for more than half of the observed brand imitator attacks.

Despite a clear rise in fake emails for millions of Windows and Microsoft 365 customers worldwide, Check Point stresses that careful observation can reveal patterns that help protect from identity theft and fraud attacks.

Microsoft phishing on the rise

Check Point Software Data Group Manager Omer Dembinsky said: “While the most impersonated brands move around quarter to quarter, the tactics that cybercriminals use scarcely do,” pointing at the legitimate-looking logos, colors, and fonts used by attackers.

Read more

> These are the best identity theft protection tools around

> Apple is the online store of choice for phishing scams

> Microsoft Azure accounts hit with phishing attacks to hijack virtual machine 

Phishing scams will also typically use domains or URLs that are closely related to the real deal, but taking the time to scan these and the content of any messages will often reveal a series of intended and unintended typos and errors, all of which are telltale signs of a phishing attack.

One of the most recent attacks witnessed by Check Point analysts has been one relating to unusual Microsoft account sign-in activity, which directs users to a malicious link. These links are designed to steal any manner of information, from login credentials to more sinister material, like payment methods.

While tech firms continue to be the subject of popular scams, many threat actors have also been seen turning to financial services like online banking, gift cards, and online shopping orders. Wells Fargo and Amazon both rounded up the top five during Q2 2023, accounting for 4.2% and 4% of brand phishing attempts respectively.

Checking for the above-mentioned discrepancies in URLs, domains, and message text, go a long way to protecting victims from unwillingly handing over personal information, and the best course of action when it comes to phishing is just to slow down, observe, and analyze. 

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read more
Fraude en ligne phishing
Phishing clicks nearly tripled in 2024 as criminals aim for smarter attacks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft authentication system spoofed via phishing attack
Hacker Typing
This devious two-step phishing campaign uses Microsoft tools to bypass email security
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Everything you need to know about phishing
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Fraude en ligne phishing
Google forced to step up phishing defenses following ‘most sophisticated attack’ it has ever seen
Latest in Pro
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Oracle
Oracle unveils multi-billion dollar investment in UK cloud and AI
AI model distillation
Why you almost certainly have a shadow AI problem
Hands on a laptop with overlaid logos representing network security
How AI-powered remediation can help tackle security debt
A man holds a smartphone iPhone screen showing various social media apps including YouTube, TikTok, Facebook, Threads, Instagram and X
A worrying Apple Password App vulnerability reportedly left users exposed for months
Zyxel FWA510 main image
I tried the Zyxel FWA510 - read what I thought of this WiFi router
Latest in News
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Oracle
Oracle unveils multi-billion dollar investment in UK cloud and AI
Close up of PS5 DualSense controller leaning on a PS5
Sony patents PlayStation controller that you can charge by leaving in sunlight
Woman disgusted by her laptop
Embarrassing Windows 11 bug that deleted Copilot app is now fixed – but will anyone outside of Microsoft care?
The redisgned Plex app displayed across three iPhone screens
Plex is raising its prices and making a great key feature no longer free – here's why some subscribers are signing up to the Lifetime Pass before the rise
Polar Vantage M3 smartwatch worn on wrist
Polar's entire sports watch lineup just got a major upgrade, and it'll make your training more effective than ever
More about pro
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.

Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Oracle

Oracle unveils multi-billion dollar investment in UK cloud and AI
A screenshot showing Yasuke on horseback in Assassin's Creed Shadows

Assassin's Creed Shadows features some of the biggest visual upgrades on PS5 Pro thanks to the console's fancy ray tracing tech
See more latest
Most Popular
A screenshot showing Yasuke on horseback in Assassin's Creed Shadows
Assassin's Creed Shadows features some of the biggest visual upgrades on PS5 Pro thanks to the console's fancy ray tracing tech
Polar Vantage M3 smartwatch worn on wrist
Polar's entire sports watch lineup just got a major upgrade, and it'll make your training more effective than ever
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
Close up of PS5 DualSense controller leaning on a PS5
Sony patents PlayStation controller that you can charge by leaving in sunlight
The redisgned Plex app displayed across three iPhone screens
Plex is raising its prices and making a great key feature no longer free – here's why some subscribers are signing up to the Lifetime Pass before the rise
The Power Rangers posing in the Mighty Morphin' Power Rangers TV series.
Go, go Power Rangers! Disney+ is set to 'reinvent the franchise' as a new live-action Power Rangers show is in the works
Holding the Fujifilm GFX100 RF medium-format compact camera
I tried Fujifilm’s new medium-format GFX100RF, and it could just be the most desirable compact camera ever
Analogue 3D
You'll have to wait a bit longer if you've pre-ordered the Analogue 3D as shipping has been delayed until later this year
Woman disgusted by her laptop
Embarrassing Windows 11 bug that deleted Copilot app is now fixed – but will anyone outside of Microsoft care?
Oracle
Oracle unveils multi-billion dollar investment in UK cloud and AI