Windows 11 is in the spotlight as the next-generation operating system is set to roll out to PCs at the end of this year. As this momentous event captivates the tech world, there is a chance cybercriminals may take advantage of it. After all, Microsoft is cybercriminals’ favorite brand to imitate.
According to a new Check Point Research study, during Q2 of 2021, Microsoft was the most popular company for baiting unsuspecting victims into phishing traps.
The most popular brands for deceiving phishing victims
As the old adage says, “Imitation is the best form of flattery,” but I’m not so sure Microsoft would appreciate cybercriminals impersonating it to lure victims into their phishing lairs. Nearly half (45%) of all brand phishing attempts were Microsoft impersonators.
Here are the top imitated brands for phishing attacks, according to Check Point Research.
The investigators shared some examples of the phishing schemes they spotted, including this phony Microsoft login page replica.
“One of the goals of phishing attacks is to intrigue the victims with something they are familiar with, to increase the reliability of the email/SMS. Microsoft is obviously a very well-known brand, so phishing attacks that appear to be normal messages raise [cybercriminals’] success rate,” said Yali Magiel, Data Analyst at Check Point Research.
In response to whether the upcoming launch of Windows 11 could make Microsoft a more attractive brand for malicious actors, Magiel said, “Yes, it could. When there is hype surrounding a popular product, such as a new version of Windows, it raises people’s curiosity to get new information.”
The investigators also witnessed a global surge in ransomware attacks, which are often spread through phishing emails with malicious attachments. Here’s a Microsoft phishing email that caught the Check Point Research team’s attention.
“The email was sent from the spoofed email address Microsoft (no-reply@microsoft[.]com) and contained the subject ‘Your Subscription Has Been Expired’. Here, the attacker was trying to lure victims into clicking a malicious link, which redirects the user to a fraudulent Microsoft login page. In the malicious link, the user needed to key in their Microsoft account details,” Check Point Research reported.
There are obvious red flags that these phishing emails and webpages are fraudulent replicas, but as the investigators pointed out, many fail to pick up on poor punctuation, misspelled domains and other suspicious cues, causing them to fall hook, line and sinker for phishing traps.
Fortunately, thanks to Check Point Research’s investigation, we now have some insight into which companies have the most impersonators, and as such, we’ll be more observant.
“As always, we encourage users to be cautious when divulging their data, and to think twice before opening email attachments or links, especially emails that claim to be from companies such as Amazon, Microsoft or DHL as they are the most likely to be imitated,” said Omer Dembinsky, Data Research Group Manager at Check Point Software.