Is that Microsoft email actually a phishing attack?

You’re probably well aware of the dangers lurking in your email inbox, but have you ever thought that an email appearing to be from Microsoft could actually be a disaster waiting to happen?

Microsoft, a brand we all recognise and trust, has unfortunately become the brand scammers impersonate most often in phishing emails. In these scams, cybercriminals send you an email with a dodgy link or file, aiming to nick your data.

While Microsoft isn’t at fault here, it’s crucial for you and your team to be extra vigilant for anything that looks fishy.

In Q2 of 2023, Microsoft took the lead as the brand most impersonated by scammers, making up a staggering 29% of all brand phishing attempts. This puts them well ahead of Google in second place (19.5%) and Apple in third (5.2%). Combined, impersonations of these three tech giants account for over half of all brand phishing attempts.

So, what does this mean for your business?

Even though there’s been a noticeable uptick in fraudulent emails targeting Windows and Microsoft 365 users globally, being observant can go a long way in shielding you from identity theft and fraudulent activities.

While the brands being mimicked may change over time, the tactics used by cybercriminals often remain the same. They’ll use convincing logos, colours, and fonts, and their phishing scams often feature URLs that look almost identical to the real thing. However, a closer look will usually reveal typos and mistakes—dead giveaways of a phishing attempt.

One of the latest scams warns you of unusual activity on your Microsoft account and directs you to a harmful link. These links are crafted to snatch everything from your login details to your payment information.

And it’s not just tech companies that are popular targets. Many scammers have shifted their focus to financial services like online banking, gift cards, and e-commerce. Wells Fargo and Amazon also made it to the top five in Q2 2023, accounting for 4.2% and 4% of brand phishing attempts, respectively.

How can you safeguard your business?

The way to protect your business is more straightforward than you might imagine. The most effective defence against phishing is not just individual vigilance but also equipping your staff with the right training. Teach them to pause, observe, and critically examine emails for red flags such as inconsistent URLs, domains, and textual errors. By making sure everyone on your team knows what to look out for, you’re adding an extra layer of security against these types of attacks.
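For teams that want to back up training with an automated check, here is an added example (not from the original article) that flags link hosts imitating the brands named above. The one-domain-per-brand allowlist, the character-swap table, the 0.85 similarity threshold and the sample links are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: one official domain per brand named in the article. Real brands
# use many more domains, so treat this as a starting allowlist only.
BRANDS = {
    "microsoft": "microsoft.com",
    "google": "google.com",
    "apple": "apple.com",
    "wellsfargo": "wellsfargo.com",
    "amazon": "amazon.com",
}

# Common character swaps used to imitate a brand name (illustrative, not complete).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(label):
    """Undo simple look-alike swaps so 'micros0ft' compares as 'microsoft'."""
    return label.translate(SWAPS).replace("rn", "m").replace("vv", "w").replace("-", "")


def classify(url):
    """Return (verdict, brand) for the host part of a link."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return ("unknown", None)
    # Naive registrable domain: the last two labels. Production code should
    # use the Public Suffix List to handle suffixes such as co.uk.
    registrable, name = ".".join(labels[-2:]), skeleton(labels[-2])
    for brand, official in BRANDS.items():
        if registrable == official:
            return ("official", brand)
    for brand in BRANDS:  # typo or character-swap version of a brand name
        if name == brand or SequenceMatcher(None, name, brand).ratio() >= 0.85:
            return ("lookalike", brand)
    for brand in BRANDS:  # real brand name used as a subdomain of another domain
        if brand in host.replace("-", ""):
            return ("brand-in-host", brand)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample links; the .example TLD is reserved and never resolves.
    for link in ("https://account.microsoft.com/security",
                 "https://micros0ft.example/signin",
                 "https://login.microsoft.com.account-verify.example/"):
        print(link, "->", classify(link))
```

A "lookalike" or "brand-in-host" verdict is a reason to inspect the email more closely, not proof of phishing on its own.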

If we can help you keep your team aware of the risks, get in touch.