Microsoft Is The Most Commonly Used Alias In Phishing Attacks 

Uploaded on 2024-01-23 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

According to research from CheckPoint, Microsoft held the top spot as the number one most impersonated brand, accounting for 33% of all brand phishing attempts in the last quarter of 2023. The technology sector stood out as the most targeted industry overall, with Amazon securing second place with 9% and Google in third on 8%.

Social networks and banking represented the other two most targeted industries. Consumer spending associated with the festive period saw cyber criminals continue to target retailers in Q4 2023. 

The widely recognised package delivery brand DHL moved into the top ten, possibly due to increased activity during the November shopping month, while Amazon’s ranking can largely be attributed to the annual Amazon Fall Prime Day sale that was scheduled during the second week of October. “While we have said goodbye to 2023, one thing has followed us into the new year and that is the threat of phishing... Even cyber criminals with limited IT expertise can accurately mimic legitimate brands to deceive unsuspecting customers and carry out social engineering attacks” said Omer Dembinsky, Data Group Manager at Check Point Software.  

According to Dembinsky, the widespread use of AI by cyber criminals is leading to a higher volume of phishing campaigns tin 2024 that will be barely distinguishable from genuine company communications. 

“As the biggest names in technology, social networking and banking continue to be imitated, end users need to be extra vigilant when engaging with emails claiming to be from a reputable brand.” he said. 

The Top Ten Phishing Brands Exploited In 2023

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q4 2023: 

1.    Microsoft (33%)
2.    Amazon (9%)
3.    Google (8%)
4.    Apple (4%)
5.    Wells Fargo (3%)
6.    LinkedIn (3%)
7.    Home Depot (3%)
8.    Facebook (3%)
9.    Netflix (2%)
10.  DHL (2%)

Email Verification Scam

One notabe example of an Microsoft phishing email is one which appeas to be from 'the Microsoft account team' and claiming to require email address verification, calling on recipients to click a verification link.  It features a subject line "Microsoft: Verify your email address" aiming to create a sense of urgency. The email requests recipients to verify their email address and may potentially lead to fraudulent activities. This link is not associated with Microsoft.

The Brand Phishing Report from CheckPoint (linked Below) highlights the brands that were most frequently imitated by cyber criminals in their attempts to steal individuals’ personal information or payment credentials during October, November and December 2023.  

CheckPoint Brand Phishing Report:

You Might Also Read:

Phishing Attacks Surge As Cyber Criminals Exploit New AI Tools:

DIRECTORY OF SUPPLIERS - Brand Protection Online:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Cyber Attacks Hit Three English Councils At Once 
The British Library Gets Back Online »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

Integrity360

Integrity360

Integrity360 provide fully managed IT security services as well as security testing, integration, GRC and incident handling services.

SysTools

SysTools

SysTools provides a range of services including data recovery, digital forensics, and cloud backup solutions.

Arete

Arete

Arete is a global cyber risk company whose mission is to transform the way organizations prepare for, respond to, and prevent cybercrime.

Uhuru Corp

Uhuru Corp

Uhuru offers a wide variety of IoT products and solutions including enebular® IoT Orchestration Service.

eSec Forte Technologies

eSec Forte Technologies

eSec Forte Technologies is a CMMi Level 3 certified Global Consulting and IT Security Services company.

Gijima

Gijima

Gijima is one of SA’s leading ICT companies in Cloud & Outsourcing, Systems integration, Human Capital Management & Training, Cybersecurity, and Unified Communications.

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

Wazuh

Wazuh

Wazuh is a free, open source and enterprise-ready security monitoring solution for threat detection, integrity monitoring, incident response and compliance.

Cyberplc

Cyberplc

Cyberplc is a global cybersecurity consulting firm providing services to government, the public sector and enterprises.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.

Oduma Solutions

Oduma Solutions

Oduma Solutions is a wholly owned Ghanaian Cybersecurity company that offers information security services to organisations seeking to improve their security posture.

Cyberhill Partners

Cyberhill Partners

Cyberhill is a professional engineering services firm solving complex software implementation and integration challenges.

MIND

MIND

MIND is the first-ever data security platform that puts data loss prevention and insider risk management programs on autopilot, so you can automatically identify, detect and prevent data leaks.

EK3 Technologies

EK3 Technologies

EK3 Technologies mission is to provide comprehensive cybersecurity and IT solutions that allow our clients to focus on sustaining their business.

The Aerospace Corporation

The Aerospace Corporation

The Aerospace Corporation is playing a key role in advancing space cybersecurity through innovative prototypes that can quickly detect and mitigate cyber threats.