Finding was made by researchers at cybersecurity firm Check Point
The use of Microsoft’s brand name can be attributed to the fact that Microsoft products are widely used across enterprises and vast majority of employees using them have been working from home since the virus outbreak
Microsoft was the most frequently imitated brand name used in phishing attacks in September quarter, appearing in 19% of them globally, cybersecurity firm Check Point reports. The use of Microsoft’s brand name can be attributed to the fact that Microsoft products are widely used across enterprises and vast majority of employees using them have been working from home since the virus outbreak.
Researchers at Check Point came across malicious phishing emails sent in the name of Microsoft to lure users to click on a malicious link which would redirect them to a fraudulent Microsoft login page.
Using actual brand names or logos in phishing emails or webpages is a common practice and widely used by cyber criminals to make them look credible and get gullible users to click on malicious links, attachments and share login credentials. Attackers often use brand names that are more likely to get a click.
“There are currently billions of people now working remotely, many of them doing so for the first time in their lives. Hackers, sensing big opportunity, are imitating the brand most known for work—Microsoft. I expect Microsoft imitations to continue as we turn the New Year," Omer Dembinsky, manager of data threat intelligence, Check Point said in a statement.
Google and Amazon which were the most imitated brand names in June quarter slipped down in the list to number 3 and 9 respectively in September as attackers lost interest in them. The other most imitated brand names in September quarter’s top five most imitated band’s list include DHL (9%), Google (9%), PayPal (6%) and Netflix (6%). According to Check Point, this is the first time DHL’s brand name featured in the top 10.
Further breakup of the findings reveal that email phishing accounted for 44% of attacks, web phishing for 43% and mobile phishing for 12%. Though Microsoft was the most imitated brand name in both email and web phishing, WhatsApp was the most imitated brand name in mobile phishing.
Dembinsky has urged remote workers to be extra cautious when receiving an email about their Microsoft account.