Microsoft is Now Most Imitated Brand by Hackers

[uk666]

Microsoft is Now Most Imitated Brand by Hackers

Check Point Research, a leading provider of cyber security solutions globally, has published its new Brand Phishing Report for Q3 2020. 

The report highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during July, August and September.

In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site. 

The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. 

The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.

The brands most frequently spoofed by cyber-attackers to steal personal information; Microsoft came out on top with 19% of all brand phishing attempts.

Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. 

It’s not just through emails, though: many phishing attacks attempt to replicate the image of a company’s official website. They do this by using a similar domain name or URL and web-page design to the genuine site. 

Often, the fake website contains a form intended to steal users’ credentials, payment details or other personal information.

Top phishing brands in Q3 2020

The top brands are ranked by their overall appearance in brand phishing attempts:

1. Microsoft (19% )
2. DHL (9%)
3. Google (9%)
4. PayPal (6%)
5. Netflix (6%)
6. Facebook (5%)
7. Apple (5%)
8. Whatsapp (5%)
9. Amazon (4%)
10. Instagram (4%)

Email (44% of all phishing attacks during Q3)

1. Microsoft
2. DHL
3. Apple

Web (43% of all phishing attacks during Q3)

1. Microsoft
2. Google
3. PayPal

Mobile (12% of all phishing attacks during Q3)

1. Whatsapp
2. PayPal
3. Facebook

What to do?
Obviously, be careful of any ‘warning’ email, saying that an account (Microsoft, Google, PayPal etc) has been suspended or cancelled.

Here’s an example of a fake Microsoft Account Verification email:

Instead, go to the web site (Microsoft.com Google.com etc) from your browser.  If there’s really a block on your account, it’ll be really obvious when you try to login.

Two-factor authentication
Yes, we know we keep banging on about Two Factor Authentication and many of you are probably bored with us talking about ‘2fac’.

Two Factor Authentication really is the single best thing you can do to protect your data and identity.  It’s free with commonly available and well-tested tools.

Please setup ‘2Fac’ for your Microsoft and email accounts at the very least.