If you follow us then you are no stranger to the endless threats that lurk inside your email inbox. But, have you ever considered that an email that seems to be from a trusted source – in this case Microsoft – could actually be your worst nightmare? 

Microsoft, the tech giant we all know and trust, has become the most imitated brand when it comes to phishing attacks. That is where cyber criminals send you an email which contains a malicious link or file. They are trying to steal your data.

Whilst Microsoft isn’t to blame for this, you and your employees should be on high alert for anything that seems suspicious. During the second quarter of 2023, Microsoft soared to the top spot of brands imitated by criminals, accounting for a whopping 29% of brand phishing attempts.

This places it well ahead of Google in second place at 19.5% and Apple in third place at 5.2%. Together, these three tech titans account for more than half of the observed brand imitator attacks.

What does this mean for your business then?

Despite a clear surge in fake emails targeting millions of Windows and Microsoft 365 customers worldwide, careful observation can help protect you from identity theft and fraud attacks. Whilst the most imitated brands change from quarter to quarter, usually cyber criminals are less likely to change their tactics.

They use legitimate-looking logos, colours, and fonts. Phishing scams frequently use domains or URLs that are similar to the real deal. A careful scan of these, along with the content of any messages, will often expose typos and errors. The tell-tale signs of a phishing attack.

One of the latest attacks claims that there has been unusual Microsoft account sign-in activity on your account, directing you to a malicious link. These links are designed to steal everything from login credentials to payment details.

Whilst tech firms continue to be popular scam subjects, many cyber criminals have turned to financial services like online banking, gift cards and online shopping orders. Wells Fargo and Amazon both rounded up the top five during Quarter 2 this year!

So you might be wondering, what can you do to protect your business?

The answer is simple. When it comes to phishing the best thing to do is slow down, observe and analyse. Check for discrepancies in URLs, domains and message text.

If you would like any help or have any questions, get in touch!