Is that Microsoft email actually a phishing attack?

Beware: Microsoft is the Top Brand Used in Phishing Attacks — Protect Your Business Now

You already know email can be a minefield of cyber threats, but did you realise Microsoft is now the most impersonated brand in phishing scams? Cybercriminals craft convincing fake emails that appear to be from Microsoft, tricking users into clicking malicious links or downloading harmful files — all designed to steal your sensitive data.

In the second quarter of 2023 alone, nearly 29% of all phishing attempts targeted Microsoft accounts, surpassing other tech giants like Google (19.5%) and Apple (5.2%). Together, these top three brands account for over half of all fake-brand phishing attacks.

So, what does this mean for your business? If you or your employees use Windows or Microsoft 365, you could be prime targets for identity theft and fraud — but vigilance can keep you safe.

Phishers mimic Microsoft’s logos, fonts, and colours, often using URLs that look real at a glance. Yet, subtle typos and suspicious links often give them away. One common ploy warns of unusual activity on your Microsoft account, prompting you to enter login details on a fake website.

It’s not just tech companies under attack. Finance giants like Wells Fargo and Amazon also rank high among phishing targets, making up 4.2% and 4% of attempts respectively in Q2 2023.

‍

‍

How to protect your business:

• Always take a moment to verify sender email addresses and URLs.
• Look closely for misspellings, strange domain names, or urgent language pressuring immediate action.
• Educate your team on recognising phishing red flags.

If you want help training your staff or securing your systems against phishing threats, get in touch. We’re here to keep your business safe in an evolving cyber landscape.

‍