Microsoft leads again! The most impersonated brand on the Internet

Office for Mere Mortals
Your beginners guide to the secrets of Microsoft Office
Invalid email address
Tips and help for Word, Excel, PowerPoint and Outlook from Microsoft Office experts.  Give it a try. You can unsubscribe at any time.  Office for Mere Mortals has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy

Hackers now imitate Microsoft account logins more than any other, so criminals can steal personal and corporate information. So Microsoft leads again, but you won’t see this in their promotions. 

A brand phishing attack is a fake site that appears to be the real company, often using a similar URL and a page design the same as the original. Phishing has been around for many years. Now criminals are more sophisticated and tricky.  More data is stored online means the loss and damage to people and companies is far greater.

A Microsoft account is required for anyone with Office 365/Microsoft 365, Office 2019, Outlook.com, Hotmail and many other Microsoft services. If a criminal can get into a Microsoft it can be a gold mine for identity and money theft.

Microsoft has blasted past other commonly hacked brands like Paypal. Google to grab a 19% share of the hackers ‘phishing market’.  That’s up from 7% of hacking attempts earlier this year.

All this according to CheckPoint Microsoft is Most Imitated Brand for Phishing Attempts in Q3 2020

image 122 454x296 - Microsoft leads again! The most impersonated brand on the Internet
Data source: Checkpoint

The only worse result was ‘Other’ for the 28% of small brands outside the top ten.

Microsoft leads in both email and web based phishing attacks.

DHL is a surprise entrant to the targeted brand Top Ten list, appearing for the first time in 2020 at 9%.

Email phishing on the rise

Fake links sent by email is the most common type, about 44% of attacks.  Other fake links can come by instant messaging including ‘in-house’ chats when a hacker has got access to another staff members account.

Why Microsoft?

Microsoft accounts have a lot of valuable information for identity theft, ransoming and corporate espionage 

Email, documents, passwords, credit card details, you name it is all behind a Microsoft account.

Microsoft 365 and Windows 10 users, especially with hosted email can lose a lot if a hacker steals your login.

What to do?

Obviously, be careful of any ‘warning’ email, saying that an account (Microsoft, Google, Paypal etc) has been suspended or cancelled.

Here’s an example of a fake Microsoft Account Verification email

image 123 - Microsoft leads again! The most impersonated brand on the Internet
Source: Checkpoint

Some people will know this is a fake right away because Microsoft (like most companies) doesn’t block an account just because of an unusual login.  

Our roaming boss, Peter Deegan, often gets ‘unusual behaviour’ emails when he moves to a different country or region.  Those messages simply warn about the login and ask you to report if there’s a problem.  If the login is OK, no action is necessary.

If you think the email is real – DON’T click on the link.

Instead, go to the web site (Microsoft.com Google.com etc) from your browser.  If there’s really a block on your account, it’ll be really obvious when you try to login.

Two-factor authentication

Yes, we know we keep banging on about Two Factor Authentication and many of you are probably bored with us talking about ‘2fac’.

Two Factor Authentication really is the single best thing you can do to protect your data and identity.  It’s free with commonly available and well-tested tools.

Please setup ‘2Fac’ for your Microsoft and email accounts at the very least.

The Myth about Two-Factor Authentication
Office 365 continues to be a hackers treasure chest

Latest news & secrets of Microsoft Office

Microsoft Office experts give you tips and help for Word, Excel, PowerPoint and Outlook.

Give it a try. You can unsubscribe at any time.  Office Watch has been running for over 20 years, we've never, ever revealed or sold subscriber details.  Privacy policy
Invalid email address