Microsoft the Most Used Name in Phishing Scams: Prey to Their Own Success?
Image: Getty Images
Microsoft was the most impersonated company for brand phishing attacks in the third quarter of 2020, cybersecurity firm Check Point reported Monday. According to the report, the software giant appeared in 19 percent of the global brand phishing attacks that took place amid the pandemic where people are working from home more than ever. Check Point also notes that German courier company, DHL entered the top 10 rankings for the first time in 2020, taking the second spot with 9 percent of all phishing attacks related to the company. Additionally, industries such as technology, banking, social network were most targeted by brand phishing, the report highlighted.
Phishing attacks occur when hackers try to emulate official websites from companies in attached links while in reality they are just fabricated URLs connected to a remote server that attempts to steal users' data. If the user clicks on any such links from convincing emails or post on WhatsApp, hackers can potentially have access to personal data including banking details. In many cases, attackers create a dummy login page, bearing a reputed brand's logo and name, to persuade users to put forward username and password credentials.
Check Point report further notes that brands such as Google (9 percent), PayPal (6 percent) and Netflix (6 percent) were also emulated the most by attackers to carry brand phishing attacks in the last quarter of this year. Moving to phishing attacks by platforms, hackers used email channels the most in Q3 (44 percent), followed by Web (43 percent) and mobile (12 percent). The report highlights that for phishing attacks via mobile, attackers used platforms such as WhatsApp, PayPal, and Facebook the most.
Check Point claimed that to carry out brand-phishing attacks under Microsoft's branding, malicious phishing emails trying to steal credentials of Microsoft accounts were used widely. "The attacker was trying to lure the victim to click on a malicious link which redirects the user to a fraudulent Microsoft login page," the report noted.