Almost half of all phishing attacks designed to steal login credentials like email addresses and passwords by imitating well-known brands are impersonating Microsoft.
Cybersecurity researchers at Check Point analysed phishing emails sent over the last three months and found that 43% of all phishing attempts mimicking brands were attempting to pass themselves off as messages from Microsoft.
Microsoft is a popular lure because of Office 365’s wide distribution among enterprises. By stealing these credentials, criminals hope to gain access to corporate networks.
And with many organisations shifting towards remote working to ensure social distancing over the course of the last year, email and online messaging have become even more important to businesses – and that’s something cyber attackers are actively looking to exploit.
Not only are employees relying on emails for everyday communication with their teammates and bosses, they also don’t always have the same security awareness and protection while working from home.
In these attacks, the messages aren’t always designed to look like they come from Microsoft itself; they could claim to come from a colleague, HR, a supplier or anyone else the recipient might deal with. Either way, the phishing link or attachment leads to a page that asks the user to enter their login details to ‘verify’ their identity.
If the email address and password are entered into these pages designed to look like a Microsoft login site, the attackers are able to steal them. Stolen credentials can be used to gain further access to the compromised network, or they can be sold on to other cyber criminals on dark web marketplaces.
The second most commonly imitated brand during the period of analysis was DHL, with attacks mimicking the logistics provider accounting for 18% of all brand-phishing attempts. DHL has become a popular phishing lure for criminals because many people are now stuck at home due to COVID-19 restrictions and receiving more deliveries – so people are more likely to let their guard down when they see messages claiming to be from a delivery firm.
Other brands commonly impersonated in phishing emails include LinkedIn, Amazon, Google, PayPal and Yahoo. Compromising any of these accounts could provide cyber criminals with access to sensitive personal information that they could exploit.
“Criminals increased their attempts in Q4 2020 to steal peoples’ personal data by impersonating leading brands, and our data clearly shows how they change their phishing tactics to increase their chances of success,” said Maya Horowitz, director of threat intelligence and research at Check Point.
“As always, we encourage users to be cautious when divulging personal data and credentials to business applications, and to think twice before opening email attachments or links, especially emails that claim to be from companies, such as Microsoft or Google, that are most likely to be impersonated,” she added.
Two-factor authentication provides an extra layer of protection for Microsoft Office 365 and other corporate accounts: even if cyber criminals manage to steal the username and password, the additional verification step it requires will help to keep the account safe.