Microsoft Brand Spoofing Is the Worst
Brand spoofing is a type of phishing where the perpetrator pretends to be a well-known brand. Usually, it’s in the form of disguised emails. A recent study revealed that Microsoft is the most spoofed brand by a wide margin.
It’s incredibly easy to forge a sender email address. With just a little bit of time and patience, you can create an email that says it’s coming from Bill Gates, Jeff Bezos, or anyone else you’d like. That very fact makes it tempting for bad actors to do… well, bad things.
Frequent attacks include emails claiming your account is locked, and that only clicking on a link in the email and providing your username and password will solve the problem. Or, along similar lines, a request to confirm payment by providing your credit card number. Usually, the links lead you not to the site they claim to be, but to a malware site that may infect your computer and will certainly record your input. You’re handing your username, password, credit card, etc. directly to the very people you’d never want to have that information.
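A defensive check for the two tricks described above (a sender name that claims a brand it does not belong to, and a link that goes somewhere other than where it says), as an added example that is not part of the original article. The brand allowlist, the sample message and the function names are assumptions made for illustration, and a single-part HTML body is assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: illustrative, incomplete allowlist of domains each brand really uses.
BRAND_DOMAINS = {"microsoft": {"microsoft.com", "office.com", "live.com"},
                 "onedrive": {"microsoft.com", "live.com"},
                 "apple": {"apple.com"}}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"[\w-]+(?:\.[\w-]+)+")

def registrable(host):
    # Naive "last two labels"; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def brand_for(text):
    low = text.lower()
    return next((b for b in BRAND_DOMAINS if b in low), None)

def spoof_findings(raw):
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = registrable(addr.rpartition("@")[2])
    brand = brand_for(name)
    if brand and from_dom not in BRAND_DOMAINS[brand]:
        findings.append(f"display name claims {brand}, sender domain is {from_dom}")
    # Only trust this header when your own receiving mail server added it.
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("no DMARC pass recorded for the From domain")
    for href, text in LINK_RE.findall(msg.get_payload()):
        target = registrable(urlparse(href).hostname or "")
        shown = HOST_RE.search(text)
        brand = brand_for(text)
        if shown and registrable(shown.group()) != target:
            findings.append(f"link text shows {registrable(shown.group())}, href goes to {target}")
        elif brand and target not in BRAND_DOMAINS[brand]:
            findings.append(f"link text names {brand}, href goes to {target}")
    return findings

# Constructed sample message (not a real email); .example is a reserved TLD.
SAMPLE = """\
From: "Microsoft Account Team" <security@account-verify.example>
Subject: Your account is locked
Authentication-Results: mx.example.org; spf=pass; dmarc=none
Content-Type: text/html

<a href="https://login.account-verify.example/unlock">https://login.microsoft.com/unlock</a>
"""
```

On the constructed sample, `spoof_findings(SAMPLE)` reports all three problems: the display-name mismatch, the missing DMARC pass, and the link whose visible address differs from its real destination.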
Security solutions provider FireEye released a report about brand impersonation, and among the brands it detected as targets of spoofing, Microsoft is the preferred company by far.
The Microsoft brand name itself accounted for 30% of all brand impersonation FireEye identified. It gets worse for the company: OneDrive is number two at 7%, Microsoft Outlook is number 6 at 4%, and LinkedIn and Microsoft Office hit the list as well at 2% each. So altogether, Microsoft properties accounted for 45% of all the phishing attacks FireEye discovered. The next closest company was Apple, at just 7%.
FireEye’s report also stated that phishing attacks are on the rise, with an increase of 17% in the first quarter of this year alone. The methods are changing, and the sophistication is growing. And new malicious URLs are even using HTTPS, emphasizing once again that just because the site uses HTTPS doesn’t mean it’s truly safe.
If you receive an email from any company (or anyone claiming to be from a company) asking for information or some confirmation of details, the safest thing to do is skip any links in the email. Open your browser and go straight to the site. Treat the email as malicious until proven otherwise. By following that advice with every email, even from people you know and trust, you’ll avoid a lot of heartache and frustration down the road. [TechRadar]