Microsoft remains the most-spoofed brand for the second quarter in a row
Malicious use of the tech giant's brand increased by 24% in the last quarter of 2020, according to Check Point
Microsoft ended 2020 as the brand most frequently targeted by cyber criminals, with 43% of all brand phishing attempts related to the tech giant in Q4.
This was a 24% increase from the third quarter of the year, which saw 19% of all attempts linked to the tech giant, according to Check Point research.
The attempts are from criminals looking to steal personal information or payment credentials by impersonating well-known brands that are likely to be used by the employee and their organisation.
The technology industry was the most likely to be targeted by 'brand phishing', according to Check Point, closely followed by retail and shipping. Across October, November and, December, Microsoft was the brand most often imitated by hackers.
"Criminals increased their attempts in Q4 2020 to steal peoples personal data by impersonating leading brands, and our data clearly shows how they change their phishing tactics to increase their chances of success," said Maya Horowitz, director, threat intelligence and research, products at Check Point.
"As always, we encourage users to be cautious when divulging personal data and credentials to business applications, and to think twice before opening email attachments or links, especially emails that claim to from companies, such as Microsoft or Google, that are most likely to be impersonated."
Shipping firm DHL was the second most-spoofed brand for the end of 2020, as criminals sought to take advantage of the significantly higher number of shoppers placing their orders online. Many of these attacks involved delivery failure notices, asking the target to pay a nominal fee to arrange a new delivery.
Google actually came 7th on the list with only 2% of all brand-related phishing in its name. Amazon ended the year in fourth with 5% while LinkedIn, a Microsoft-owned platform, was third with 6%.
IT Pro has approached Microsoft as the findings will be of huge concern to the tech giant, especially as phishing attempts in its name have doubled over a sixth month period.
-
‘They risk damaging confidence’: A Canadian health board outraged staff with phishing tests offering paid leave – experts say it shows why you need to be careful with cyber awareness campaignsNews Phishing tests require a delicate touch, emulating realism while not “exploiting goodwill”
-
Hackers are capitalizing on AI hype to ramp up social engineering attacks – and they're using big brands like Anthropic, OpenAI, and DeepSeek as ‘bait’ to lure victimsNews Microsoft says cyber criminals are impersonating popular AI platforms to deliver malware
-
Two US nationals sentenced for role in prolific fake worker laptop farmsNews The Americans were raising money for the North Korean regime by allowing fake IT workers to appear as legitimate US-based employees
-
Beware of emails threatening a code of conduct review
News A widespread phishing campaign has targeted tens of thousands of employees
-
Microsoft and NCSC issue alerts over hacker campaigns targeting WhatsApp, Signal messaging appsNews Microsoft warns about a sophisticated attack that starts with WhatsApp messages, while the NCSC says such incidents are on the rise
-
Is your new hire an AI clone? Microsoft says North Korean hackers are using AI to impersonate job seekers and steal company secretsNews The groups are increasingly using face-changing or voice-changing software to make their fake identities more plausible
-
Google issues warning over ShinyHunters-branded vishing campaignsNews Related groups are stealing data through voice phishing and fake credential harvesting websites
-
Thousands of Microsoft Teams users are being targeted in a new phishing campaignNews Microsoft Teams users should be on the alert, according to researchers at Check Point
