Microsoft is the most imitated brand by phishing scammers as hackers look to gain access to valuable Microsoft 365 data.
Source: Help Net Security
The details: According to a new quarterly report from Vade Secure, attackers are turning increasingly to spoofing top brands to convince you to click. Phishing emails spoofing a company or brand rose 20.4% in the third quarter - with Microsoft the go-to brand.
Phishing attempts spoofing Microsoft increased by more than 30% as attackers increasingly seek access to data held in Office365 or Azure cloud services. The next most spoofed companies were, unsurprisingly, those linked to financial accounts - PayPal at No. 2 followed by Bank of America at No. 4, Wells Fargo at No. 5 and Chase at No. 7.
Why it matters: Phishing attempts against financial services companies are nothing new. But the rise of Microsoft, Apple and Google up the list of the 25 most spoofed companies is worthy of pause. In an era when people, and an increasingly large number of businesses, store all or most of their important information in the cloud, gaining access to a specific account can be all that is needed to lay a person or company bare. In targeting Microsoft 365 accounts, attackers can hope to steal data not only from Outlook, but also from Skype, OneDrive, Excel and all of the other apps which Microsoft ties into its productivity suite. Jackpot.
The hacker perspective:
Randori director of offensive security, Evan “Syn” Anderson, says:
"When launching phishing campaigns, attackers will often attempt to spoof login pages and trick users into giving up credentials. With a simple phishing email and convincing login page, attackers can steal usernames, passwords and MFA tokens in a single swipe. As an attacker, Microsoft is a no-brainer. Outlook Web Access, Office365, and Azure are often exposed publicly on a target’s perimeter and gaining access to these systems can be very valuable to the attacker. That said, the focus on only the most spoofed pages can lead to a false sense of security - as an attacker can spoof any page on your perimeter, not just the most popular. Knowing what pages from your perimeter an attacker could spoof is invaluable."