Microsoft ended 2020 as the brand most frequently targeted by cyber criminals, with 43% of all brand phishing attempts related to the tech giant in Q4.
This was a 24% increase from the third quarter of the year, which saw 19% of all attempts linked to the tech giant, according to Check Point research.
The attempts are from criminals looking to steal personal information or payment credentials by impersonating well-known brands that are likely to be used by the employee and their organisation.
The technology industry was the most likely to be targeted by 'brand phishing', according to Check Point, closely followed by retail and shipping. Across October, November and, December, Microsoft was the brand most often imitated by hackers.
"Criminals increased their attempts in Q4 2020 to steal peoples personal data by impersonating leading brands, and our data clearly shows how they change their phishing tactics to increase their chances of success," said Maya Horowitz, director, threat intelligence and research, products at Check Point.
"As always, we encourage users to be cautious when divulging personal data and credentials to business applications, and to think twice before opening email attachments or links, especially emails that claim to from companies, such as Microsoft or Google, that are most likely to be impersonated."
Shipping firm DHL was the second most-spoofed brand for the end of 2020, as criminals sought to take advantage of the significantly higher number of shoppers placing their orders online. Many of these attacks involved delivery failure notices, asking the target to pay a nominal fee to arrange a new delivery.
Google actually came 7th on the list with only 2% of all brand-related phishing in its name. Amazon ended the year in fourth with 5% while LinkedIn, a Microsoft-owned platform, was third with 6%.
IT Pro has approached Microsoft as the findings will be of huge concern to the tech giant, especially as phishing attempts in its name have doubled over a sixth month period.
-
The FBI says hackers are using AI voice clones to impersonate US government officialsNews The campaign uses AI voice generation to send messages pretending to be from high-ranking figures
-
Employee phishing training is working – but don’t get complacentNews Educating staff on how to avoid phishing attacks can cut the rate by 80%
-
Russian hackers tried to lure diplomats with wine tasting – sound familiar? It’s an update to a previous campaign by the notorious Midnight Blizzard groupNews The Midnight Blizzard threat group has been targeting European diplomats with malicious emails offering an invite to wine tasting events, according to Check Point.
-
This hacker group is posing as IT helpdesk workers to target enterprises – and researchers warn its social engineering techniques are exceptionally hard to spotNews The Luna Moth hacker group is ramping up attacks on firms across a range of industries with its 'callback phishing' campaign, according to security researchers.
-
Hackers are using Zoom’s remote control feature to infect devices with malwareNews Security experts have issued an alert over a new social engineering campaign using Zoom’s remote control features to take over victim devices.
-
State-sponsored cyber groups are flocking to the 'ClickFix' social engineering techniqueNews State-sponsored hackers from North Korea, Iran, and Russia are exploiting the ‘ClickFix’ social engineering technique for the first time – and to great success.
-
Have I Been Pwned owner Troy Hunt’s mailing list compromised in phishing attackTroy Hunt, the security blogger behind data-breach site Have I Been Pwned, has fallen victim to a phishing attack targeting his email subscriber list.
-
LinkedIn has become a prime hunting ground for cyber criminals – here’s what you need to knowNews Cyber criminals are flocking to LinkedIn to conduct social engineering campaigns, research shows.
