Cybercriminals still love using Microsoft as a disguise for phishing

Share on facebook
Share on twitter
Share on linkedin
Share on email

As people become more au fait with cybersecurity, cybercriminals need to become more wily when trying to get somebody to hand over their sensitive data.

One way to do that is by impersonating a well known brand and leveraging the established trust of that brand to compromise a person.

In its Brand Phishing Report for Q1 2021, Check Point Research reports that Microsoft remains the most imitated brand by cybercriminals in phishing campaigns for the second quarter running.

“Criminals increased their attempts in Q1 2021 to steal peoples’ personal data by impersonating leading brands, and our data clearly shows how they change their phishing tactics to increase their chances of success,” writes data research manager at Check Point, Omer Dembinsky.

Microsoft was reportedly imitated in 39 percent of all brand phishing attempts worldwide in Q1. Interestingly, Roblox is the fourth most imitated brand with 6 percent of phishing campaigns using the name.

The full list from most popular to least follows below.

  1. Microsoft – 39 percent
  2. DHL – 18 percent
  3. Google – 9 percent
  4. Roblox – 6 percent
  5. Amazon – 5 percent
  6. Wells Fargo (US bank) – 4 percent
  7. Chase (US bank) – 2 percent
  8. LinkedIn – 2 percent
  9. Apple – 2 percent
  10. Dropbox – 2 percent

While some phishing campaigns are only interested in getting a user to key in their credentials, in the case of one campaign imitating DHL, users were told to download a file which infected the system with Agent Tesla, a malware that steal passwords.

An example of a phishing email imitating DHL.

“While security measures are often built into websites and apps, particularly with banking, it’s the human element that often fails to pick up on scams, and as such, cyber criminals are continuing to trick people using convincing emails purporting to be from trusted brands,” explains Dembinsky.

Be cautious when receiving mails from big brands. Our advice is to contact the brand directly before downloading attachments or visiting websites an email asks you to visit.

[Image – CC 0 Pixabay]

Brendyn Lotz

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.