Watch out - that unexpected Microsoft alert could well be a phishing attack
Many brand-imitating attacks were Microsoft-related
Microsoft is now the most imitated brand when it comes to phishing attacks, new research has warned
The latest findings from Check Point’s Threat Intelligence division found that during the second quarter of 2023, Microsoft climbed to top place, up from third in the previous quarter, accounting for 29% of brand phishing attempts, placing it far ahead of Google in second place (at 19.5%) and Apple in third place (at 5.2%). Together, the three tech titans account for more than half of the observed brand imitator attacks.
Despite a clear rise in fake emails for millions of Windows and Microsoft 365 customers worldwide, Check Point stresses that careful observation can reveal patterns that help protect from identity theft and fraud attacks.
Microsoft phishing on the rise
Check Point Software Data Group Manager Omer Dembinsky said: “While the most impersonated brands move around quarter to quarter, the tactics that cybercriminals use scarcely do,” pointing at the legitimate-looking logos, colors, and fonts used by attackers.
Phishing scams will also typically use domains or URLs that are closely related to the real deal, but taking the time to scan these and the content of any messages will often reveal a series of intended and unintended typos and errors, all of which are telltale signs of a phishing attack.
One of the most recent attacks witnessed by Check Point analysts has been one relating to unusual Microsoft account sign-in activity, which directs users to a malicious link. These links are designed to steal any manner of information, from login credentials to more sinister material, like payment methods.
While tech firms continue to be the subject of popular scams, many threat actors have also been seen turning to financial services like online banking, gift cards, and online shopping orders. Wells Fargo and Amazon both rounded up the top five during Q2 2023, accounting for 4.2% and 4% of brand phishing attempts respectively.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Checking for the above-mentioned discrepancies in URLs, domains, and message text, go a long way to protecting victims from unwillingly handing over personal information, and the best course of action when it comes to phishing is just to slow down, observe, and analyze.
- These are the best firewalls and best malware removal to keep your machine healthy
With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!