Almost 20% of phishing campaigns last quarter spoofed Microsoft as many people continue to work remotely due to the coronavirus pandemic, says Check Point Research.
Phishing attacks work in large part by exploiting well-known companies, brands, and products. The goal is to convince the recipient that the initial phishing email comes from a trusted entity, thereby increasing the odds that they'll fall for the scam. A Monday blog post from cyber threat intelligence provider Check Point Research found that Microsoft was the top impersonated brand in phishing attempts during the third quarter.
Based on Check Point's analysis, Microsoft jumped to first place last quarter from fifth place in the second quarter. Some 19% of all brand phishing attempts across the world tried to spoof the software giant in the third quarter, up from just 7% in the prior quarter. Check Point attributed Microsoft's rise in the rankings to the ongoing remote work climate necessitated by the COVID-19 lockdown.
For the quarter, email phishing was the most prevalent type of brand phishing, accounting for 44% of all attacks. Among email phishing attempts, Microsoft was the most impersonated brand.
As just one example, Check Point found a malicious phishing email campaign in mid-August in which the attackers were trying to capture the credentials of Microsoft accounts. The strategy was to convince recipients to click on a malicious link in an email that would then direct them to a fake Microsoft login page.
Behind Microsoft, DHL was the second most impersonated brand last quarter, appearing in 9% of the phishing attacks seen by Check Point. Google came in third place, followed by PayPal and Netflix. Rounding out the top 10 were Facebook, Apple, WhatsApp, Amazon, and Instagram.
The most common industry affected by brand phishing attempts was technology, followed by banking and social networks. These trends show that cybercriminals are exploiting the current environment by targeting people using remote technology, dealing with finances online, and using social media while quarantined at home.
"In this past quarter, we saw the highest increase in email phishing attacks of all platforms compared to Q2, with Microsoft being the most impersonated brand," Maya Horowitz, Check Point's director of threat intelligence & research for products, said in the blog post. "This has been driven by threat actors taking advantage of the mass migration to remote working forced by the COVID-19 pandemic to target employees with fake emails asking them to reset their Microsoft Office 365 credentials."
To protect your remote workers and your organization from these types of phishing threats, Check Point offers the following advice:
- Learn the red flags. There are certain characteristics that can give away an attack through an email. Some of the red flags are poor formatting, spelling and grammatical mistakes, and generic greetings such as "dear user" or "dear customer." Make sure links start with https:// and not http://. Never trust alarming messages.
- Avoid oversharing information. As a general rule of thumb, share the bare minimum no matter what site you are on. Companies never need your Social Security number or birthdate to do business with you. Never provide your credentials to third parties.
- Delete suspicious emails. If you think something is not right, it probably isn't. Delete suspicious emails without opening or clicking on any links, or forward them to the IT department for investigation. Go with your gut.
- Don't click on attachments. Do not open attachments in these suspicious or strange emails, especially Word, Excel, PowerPoint, or PDF attachments.
- Verify the sender. With every email you receive, you must take a good look at who is sending it. Who or what is the source of the email? Are there any misspellings in the email domain? Watch for misspellings or alterations in the sender's email address. Do not hesitate to block suspicious email senders via your email client.
- Keep your technology up to date. Make sure all the apps on your mobile phone and desktop computer have the latest software versions. These versions have the latest vulnerability patches and defenses to keep you safe. Using out-of-date software can leave doorways for hackers to get to your personal information.
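The "Verify the sender" check above can also be automated when triaging reported mail. The following is an added example, not from Check Point or the original article: it flags From headers whose domain or display name imitates one of the ten brands named above. The brand-to-domain allowlist, the function names, and the sample addresses are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Brands from this article's top-10 list, each mapped to one sender domain it is
# assumed to use (illustrative allowlist; replace with your own verified list).
BRAND_DOMAINS = {
    "microsoft": "microsoft.com", "dhl": "dhl.com", "google": "google.com",
    "paypal": "paypal.com", "netflix": "netflix.com", "facebook": "facebook.com",
    "apple": "apple.com", "whatsapp": "whatsapp.com", "amazon": "amazon.com",
    "instagram": "instagram.com",
}
# Digit-for-letter swaps commonly seen in misspelled sender domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, brand) for one From header value."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # 1. Exact brand domain, or a true subdomain of it, is accepted.
    for brand, legit in BRAND_DOMAINS.items():
        if domain == legit or domain.endswith("." + legit):
            return ("legitimate", brand)
    # 2. Any label of a non-brand domain that spells, or nearly spells, a brand.
    for label in re.split(r"[.\-]", domain):
        norm = label.translate(HOMOGLYPHS).replace("rn", "m").replace("vv", "w")
        for brand in BRAND_DOMAINS:
            limit = 1 if len(brand) >= 5 else 0  # short names: exact match only
            if edit_distance(norm, brand) <= limit:
                return ("lookalike-domain", brand)
    # 3. Brand appears only in the display name, over an unrelated domain.
    for brand in BRAND_DOMAINS:
        if brand in display.lower():
            return ("display-name-spoof", brand)
    return ("no-brand-match", None)

if __name__ == "__main__":
    # Constructed sample header, not taken from a real campaign.
    print(classify_sender("Security <alerts@rnicrosoft-support.example>"))
```

A brand that legitimately sends from several domains will be reported as a display-name spoof until those domains are added to the allowlist.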
"As always, we encourage users to be cautious when divulging personal data and credentials to business applications, and to think twice before opening email attachments or links, especially emails that claim to be from companies, such as Microsoft or Google, who are most likely to be impersonated," Horowitz added.