Microsoft Is The Most Commonly Used Alias In Phishing Attacks 

Uploaded on 2024-01-23 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

According to research from CheckPoint, Microsoft held the top spot as the number one most impersonated brand, accounting for 33% of all brand phishing attempts in the last quarter of 2023. The technology sector stood out as the most targeted industry overall, with Amazon securing second place with 9% and Google in third on 8%.

Social networks and banking represented the other two most targeted industries. Consumer spending associated with the festive period saw cyber criminals continue to target retailers in Q4 2023. 

The widely recognised package delivery brand DHL moved into the top ten, possibly due to increased activity during the November shopping month, while Amazon’s ranking can largely be attributed to the annual Amazon Fall Prime Day sale that was scheduled during the second week of October. “While we have said goodbye to 2023, one thing has followed us into the new year and that is the threat of phishing... Even cyber criminals with limited IT expertise can accurately mimic legitimate brands to deceive unsuspecting customers and carry out social engineering attacks” said Omer Dembinsky, Data Group Manager at Check Point Software.  

According to Dembinsky, the widespread use of AI by cyber criminals is leading to a higher volume of phishing campaigns tin 2024 that will be barely distinguishable from genuine company communications. 

“As the biggest names in technology, social networking and banking continue to be imitated, end users need to be extra vigilant when engaging with emails claiming to be from a reputable brand.” he said. 

The Top Ten Phishing Brands Exploited In 2023

Below are the top 10 brands ranked by their overall appearance in brand phishing events during Q4 2023: 

1.    Microsoft (33%)
2.    Amazon (9%)
3.    Google (8%)
4.    Apple (4%)
5.    Wells Fargo (3%)
6.    LinkedIn (3%)
7.    Home Depot (3%)
8.    Facebook (3%)
9.    Netflix (2%)
10.  DHL (2%)

Email Verification Scam

One notabe example of an Microsoft phishing email is one which appeas to be from 'the Microsoft account team' and claiming to require email address verification, calling on recipients to click a verification link.  It features a subject line "Microsoft: Verify your email address" aiming to create a sense of urgency. The email requests recipients to verify their email address and may potentially lead to fraudulent activities. This link is not associated with Microsoft.

The Brand Phishing Report from CheckPoint (linked Below) highlights the brands that were most frequently imitated by cyber criminals in their attempts to steal individuals’ personal information or payment credentials during October, November and December 2023.  

CheckPoint Brand Phishing Report:

You Might Also Read:

Phishing Attacks Surge As Cyber Criminals Exploit New AI Tools:

DIRECTORY OF SUPPLIERS - Brand Protection Online:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Cyber Attacks Hit Three English Councils At Once 
The British Library Gets Back Online »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

SonicWall

SonicWall

SonicWall provide products for network security, access security, email security & encryption.

Steptoe & Johnson

Steptoe & Johnson

Steptoe is an international law firm with offices in the USA, Europe and China. Practice areas include Cybersecurity, Privacy & National Security.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

Cyber London (CyLon)

Cyber London (CyLon)

CyLon is a leading cyber security accelerator and seed investment programme. We help entrepreneurs from across the globe to build cyber security businesses, raise investment, and develop partnerships.

California Cybersecurity Institute (CCI) - Cal poly

California Cybersecurity Institute (CCI) - Cal poly

The CCI provides a hands-on research and learning environment to explore new cyber technologies and train and test tactics alongside law enforcement and cyberforensics experts.

Zerocopter

Zerocopter

Zerocopter enables you to confidently leverage the skills of the world's most knowledgable ethical hackers to secure your applications.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Cyber Physical Security Research Center (CPSEC)

Cyber Physical Security Research Center (CPSEC)

CPSEC aims to contribute to the security enhancement of industrial infrastructure that creates value across cyber space and physical space.

Argo Group

Argo Group

Argo is an international underwriter of specialty insurance. Argo Cyber offers a full spectrum of coverage solutions related to professional and technology services.

Pentesec

Pentesec

Pentesec is a security specialist offering professional services, managed security services and expertise within an extensive range of security technologies.

BrainStorm

BrainStorm

BrainStorm Threat Defense takes a new human-focused approach to security awareness that traditional training lacks. It’s a cutting-edge platform to make your users more security savvy.

Herzing College

Herzing College

Herzing College Ottawa offers an accelerated 12-month Cybersecurity Specialist training program. This program is developed by industry experts and based on leading IT security certifications.

DC Two

DC Two

DC Two are a locally operated and supported Australian data centre, offering a suite of vertically integrated services covering every part of the data centre and cloud technology stack.

Identifid

Identifid

Identifid offers a suite of fraud prevention and identity authentication solutions to businesses and governments using the latest advances in AI, vision processing, and biometric recognition.

Amtivo Group

Amtivo Group

Amtivo provides Certification, Inspection and Training services to national and local Government bodies, multi-nationals, enterprise clients and SMEs.