Watch out - that unexpected Microsoft alert could well be a phishing attack

Many brand-imitating attacks were Microsoft-related

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsoftis now the most imitated brand when it comes tophishingattacks, new research has warned

The latest findings from Check Point’s Threat Intelligence division found that during the second quarter of 2023, Microsoft climbed to top place, up from third in the previous quarter, accounting for 29% of brand phishing attempts, placing it far ahead ofGooglein second place (at 19.5%) andApplein third place (at 5.2%). Together, the three tech titans account for more than half of the observed brand imitator attacks.

Despite a clear rise in fake emails for millions of Windows andMicrosoft 365customers worldwide, Check Point stresses that careful observation can reveal patterns that help protect fromidentity theftand fraud attacks.

Microsoft phishing on the rise

Check Point Software Data Group Manager Omer Dembinsky said: “While the most impersonated brands move around quarter to quarter, the tactics that cybercriminals use scarcely do,” pointing at the legitimate-looking logos, colors, and fonts used by attackers.

These are the best identity theft protection tools around>Apple is the online store of choice for phishing scams>Microsoft Azure accounts hit with phishing attacks to hijack virtual machine

Phishing scams will also typically use domains or URLs that are closely related to the real deal, but taking the time to scan these and the content of any messages will often reveal a series of intended and unintended typos and errors, all of which are telltale signs of a phishing attack.

One of the most recent attacks witnessed by Check Point analysts has been one relating to unusual Microsoft account sign-in activity, which directs users to a malicious link. These links are designed to steal any manner of information, from login credentials to more sinister material, like payment methods.

While tech firms continue to be the subject of popular scams, many threat actors have also been seen turning to financial services like online banking, gift cards, and online shopping orders. Wells Fargo andAmazonboth rounded up the top five during Q2 2023, accounting for 4.2% and 4% of brand phishing attempts respectively.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Checking for the above-mentioned discrepancies in URLs, domains, and message text, go a long way to protecting victims from unwillingly handing over personal information, and the best course of action when it comes to phishing is just to slow down, observe, and analyze.

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

This new malware utilizes a rare programming language to evade traditional detection methods

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

Arcane season 2 confirms the hit series isn’t just one of the best Netflix shows ever made – it’s an animated legend that’ll stand the test of time