Is that Microsoft email actually a phishing attack?

You’re no stranger to the never-ending threats that lurk in your email inbox. But have you ever considered that an email apparently from Microsoft could turn out to be your worst nightmare?

When it comes to phishing attacks, Microsoft has become the most mimicked brand. Phishing is when cybercriminals send you an email with a harmful link or file attached, attempting to steal your information.

While Microsoft is not to blame, you and your staff should be on the lookout for anything odd.

Microsoft surged to the top of the list of brands imitated by thieves in the second quarter of 2023, accounting for a stunning 29% of brand phishing attempts.

This puts it far ahead of Google in second (at 19.5%) and Apple in third (at 5.2%). These three IT giants account for more than half of all observed brand imitator attacks.

But what does this mean for your business?

Despite a clear increase in the number of bogus emails targeting millions of Windows and Microsoft 365 customers around the world, simply being attentive can help protect you from identity theft and fraud threats.

While the most imitated brands fluctuate from quarter to quarter, cyber thieves’ strategies are less likely to change.

They employ authentic-looking logos, colours, and fonts. Phishing scams usually employ very similar domains or URLs to the actual thing. However, a close examination of these, as well as the substance of any messages, can frequently reveal typos and errors – tell-tale symptoms of a phishing assault.

One of the most recent attacks claims that your Microsoft account has had unusual sign-in activity, pointing you to a malicious link. These links are intended to steal anything from login passwords to payment information.

While technology companies remain attractive scam targets, many cyber thieves have switched to financial services such as online banking, gift cards, and online shopping orders. During Q2 2023, US bank Wells Fargo and Amazon rounded out the top five, accounting for 4.2% and 4% of brand phishing attempts, respectively.

What can you do to safeguard your business?

The answer is less complicated than you might assume. When it comes to phishing, the best defence is to slow down, watch, and analyse. Examine URLs, domains, and message text for inconsistencies.

If you’d like to know how we can help you keep your team aware of the risks, get in touch.