Picture this: a seemingly legitimate email arrives from Microsoft, urging you to act quickly to secure your account or risk losing it!
But wait, is it really from Microsoft?
The rise of scammers masquerading as this tech behemoth has muddied the waters of online trust. Microsoft, the tech giant we all know and trust, has become the most imitated brand when it comes to phishing attacks. A phishing attack is when somebody sends you an email that contains a malicious link or file to steal your data.
And whilst Microsoft isn’t to blame for this, you and your employees need to be on high alert for anything that seems suspicious.
During Q2 of 2023, Microsoft soared to the top spot of brands imitated by cybercriminals, with a ridiculous 29% of all brand-imitation phishing attempts.
The other two tech giants, Google and Apple, took second and third place respectively with 19.5% and 5.2%. Together, Microsoft, Google, and Apple account for more than half of all brand-imitation attacks.
Millions of Windows and Microsoft 365 customers worldwide are targeted by cybercriminals, resulting in identity theft, fraud, and ransomware attacks.
And while fake emails keep evolving and the list of imitated brands always changes and grows, the core trickery behind brand-imitation attacks remains the same.
Criminals are using legitimate-looking logos, exactly the same colors, and similar fonts. Domains and URLs used for phishing look almost authentic: www.microsoft.com (the real one) / www.micorsoft.com (the fake one).
But a careful scan of the email, its images, links, and its content will often expose typos and errors – the red flags of a phishing attack.
One of the latest phishing trends is a fake alert of unusual sign-in activity on your Microsoft account. The victim is given a link to check and block that activity, but the link is malicious: it leads to a website designed to steal everything from login credentials to sensitive payment data.
“But I won’t fall for that, I know my tech companies!” – you might say.
Well, tech companies are not the only ones being imitated. Many cybercriminals pose as financial services: online banking, gift cards, online retailers, and even the IRS (CRA for our Canadian readers). Wells Fargo and Amazon are right behind Apple on the brand-imitation list, with 4.2% and 4% respectively.
The answer is simpler than you might think. The best course of action is to slow down, observe, and analyze. Check for discrepancies in URLs, for errors and typos in the text, and for low-quality images.
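The URL check described above can be partly automated. The following is an added example, not code from the original article: it flags links whose domain is a near miss of a known brand, such as the www.micorsoft.com example quoted earlier. The brand list, the distance threshold of 2, and the function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: brand domains for the five brands the article names.
BRANDS = ["microsoft.com", "google.com", "apple.com", "wellsfargo.com", "amazon.com"]

def osa_distance(a, b):
    """Edit distance that counts a swap of two adjacent letters as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def check_link(url, max_distance=2):
    """Return (verdict, brand) for one URL: exact, lookalike or unknown."""
    if "://" not in url:
        url = "//" + url  # let urlsplit parse bare "www.example.com" forms
    host = urlsplit(url).hostname or ""
    # Naive registrable domain (last two labels); production code should use
    # the Public Suffix List instead.
    domain = ".".join(host.rstrip(".").split(".")[-2:])
    if domain in BRANDS:
        return ("exact", domain)
    distance, brand = min((osa_distance(domain, b), b) for b in BRANDS)
    return ("lookalike", brand) if distance <= max_distance else ("unknown", None)

def scan_email(text):
    """List (url, imitated_brand) for every lookalike link in an email body."""
    hits = []
    for raw in re.findall(r"(?:https?://|www\.)[^\s<>\"')]+", text):
        url = raw.rstrip(".,;")  # drop sentence punctuation stuck to the link
        verdict, brand = check_link(url)
        if verdict == "lookalike":
            hits.append((url, brand))
    return hits

# Constructed sample body using the two domains quoted in the article.
SAMPLE = ("Unusual sign-in activity detected. Review it at "
          "http://www.micorsoft.com/security or see https://www.microsoft.com/ for help.")

if __name__ == "__main__":
    print(scan_email(SAMPLE))
```

A verdict of "exact" only means the domain matches a listed brand; it says nothing about the rest of the message, so the checks for typos and low-quality images still apply.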
If you want to enhance your team’s awareness, teach them how to detect and neutralize phishing emails, or simply test how well your business is protected from phishing attacks, we can help. Schedule a quick call with our experts or leave us a message and we’ll get back to you.