Microsoft Is The Most Commonly Used Alias In Phishing Attacks 

According to research from CheckPoint, Microsoft held the top spot as the number one most impersonated brand, accounting for 33% of all brand phishing attempts in the last quarter of 2023. The technology sector stood out as the most targeted industry overall, with Amazon securing second place with 9% and Google in third on 8%.

Social networks and banking represented the other two most targeted industries. Consumer spending associated with the festive period saw cyber criminals continue to target retailers in Q4 2023. 

The widely recognised package delivery brand DHL moved into the top ten, possibly due to increased activity during the November shopping month, while Amazon’s ranking can largely be attributed to the annual Amazon Fall Prime Day sale that was scheduled during the second week of October. “While we have said goodbye to 2023, one thing has followed us into the new year and that is the threat of phishing... Even cyber criminals with limited IT expertise can accurately mimic legitimate brands to deceive unsuspecting customers and carry out social engineering attacks” said Omer Dembinsky, Data Group Manager at Check Point Software.  

According to Dembinsky, the widespread use of AI by cyber criminals is leading to a higher volume of phishing campaigns tin 2024 that will be barely distinguishable from genuine company communications. 

“As the biggest names in technology, social networking and banking continue to be imitated, end users need to be extra vigilant when engaging with emails claiming to be from a reputable brand.” he said. 

The Top Ten Phishing Brands Exploited In 2023

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q4 2023: 

1.    Microsoft (33%)
2.    Amazon (9%)
3.    Google (8%)
4.    Apple (4%)
5.    Wells Fargo (3%)
6.    LinkedIn (3%)
7.    Home Depot (3%)
8.    Facebook (3%)
9.    Netflix (2%)
10.  DHL (2%)

Email Verification Scam

One notabe example of an Microsoft phishing email is one which appeas to be from 'the Microsoft account team' and claiming to require email address verification, calling on recipients to click a verification link.  It features a subject line "Microsoft: Verify your email address" aiming to create a sense of urgency. The email requests recipients to verify their email address and may potentially lead to fraudulent activities. This link is not associated with Microsoft.

The Brand Phishing Report from CheckPoint (linked Below) highlights the brands that were most frequently imitated by cyber criminals in their attempts to steal individuals’ personal information or payment credentials during October, November and December 2023.  

CheckPoint Brand Phishing Report:

You Might Also Read:

Phishing Attacks Surge As Cyber Criminals Exploit New AI Tools:

DIRECTORY OF SUPPLIERS - Brand Protection Online:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Cyber Attacks Hit Three English Councils At Once 
The British Library Gets Back Online »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Splunk

Splunk

Splunk provide real-time Security Information & Event Management solutions for Enterprise Networks, Cloud and small-scale IT environments

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

oneM2M

oneM2M

oneM2M is a global organization creating a scalable and interoperable standard for communications of devices and services used in M2M applications and the Internet of Things.

National Cybersecurity Competence Centre (NC3)

National Cybersecurity Competence Centre (NC3)

NC3 has been established in response to growing demands for practically applicable products and solutions for ensuring cybersecurity of critical and non-critical information infrastructures.

iHLS Startups Accelerator

iHLS Startups Accelerator

iHLS Accelerator is the first startup accelerator in the world in the security and homeland security field.

Secure-IC

Secure-IC

Secure-IC provide end-to-end, best-of-breed security expertise, solutions, and hardware & software technologies, for embedded systems and connected objects.

Q6 Cyber

Q6 Cyber

Q6 Cyber is an innovative threat intelligence company collecting targeted and actionable threat intelligence related to cyber attacks, fraud activity, and existing data breaches.

Beyond Encryption

Beyond Encryption

Mailock by Beyond Encryption is a secure email solution that allows businesses to exchange email securely, safe in the knowledge that their email can only be read by their intended recipient.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Elisity

Elisity

Elisity Cognitive Trust is a new security paradigm that combines Zero Trust Network Access and an AI-enabled Software Defined Perimeter.

Debevoise & Plimpton

Debevoise & Plimpton

Debevoise & Plimpton LLP is a premier law firm with market-leading practices in areas including Data Strategy & Security.

Patriot Consulting Technology Group

Patriot Consulting Technology Group

Patriot Consulting's mission is to help our clients manage cybersecurity risk through secure deployments of Microsoft 365.

HADESS

HADESS

We are "Hadess", a group of cyber security experts and white hat hackers.

Sev1Tech

Sev1Tech

Sev1Tech is a leading provider of IT modernization, cloud, cybersecurity, engineering, fielding, training, and program support services.

TRM Labs

TRM Labs

TRM enables risk management and compliance for a global community of financial institutions, cryptocurrency businesses and government agencies.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.

Seven AI

Seven AI

Seven AI develops cyber security software designed to identify online threats.