As cybercriminals sought to capitalise on large numbers of employees still working remotely, Microsoft appeared in 19 per cent of all brand phishing attempts globally, said the Brand Phishing Report for Q3 2020 by Check Point Research.
In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site.
The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application.
The fake website often contains a form intended to steal users’ credentials, payment details or other personal information.
Microsoft rose from fifth place in Q2 to the top place in Q3 for brand phishing attacks.
In the brand phishing report for Q3, Microsoft was followed by DHL, Google, PayPal, Netflix, Facebook, Apple, WhatsApp, Amazon and Instagram.
For the first time in 2020, DHL entered the top 10 rankings, taking the second spot with 9 per cent of all phishing attempts related to the company.
“Remote workers are a focal point for hackers. Companies globally have their employees working remotely because of the coronavirus pandemic, possibly for the first time ever.
“There are currently billions of people now working remotely, many of them doing so for the first time in their lives. The sudden change has left many companies and remote workers unprepared to handle the latest cyber attacks,” Omer Dembinsky, Manager of Data Threat Intelligence at Check Point said in a statement.
“Hackers, sensing big opportunity, are imitating the brand most known for work: Microsoft. I expect Microsoft imitations to continue as we turn the new year,” Dembinsky said, adding that remote workers should be extra cautious when receiving an email about their “Microsoft” account.
During Q3, email phishing was the most prominent type of brand phishing platform, accounting for 44 per cent of attacks, closely followed by web phishing (43 per cent), which was the second most attacked platform compared to Q2, where it ranked first.
The top phishing brands exploited by email phishing attacks were Microsoft, DHL and Apple, respectively, said the report.