Microsoft Is The Bait Of Choice For Phishing Emails, Here Are The Other Popular Lures

We are all adapting to life amid a pandemic, with many people working from home as COVID-19 continues to spread. But it is not just newfound telecommuters who are adapting. So are malware authors, who are changing their lures in attempts to hook victims through phishing emails. New data suggests that Microsoft is now the top brand used in phishing attacks.

This is a notable shift, as before the pandemic, Microsoft was the fifth most popular brand used in phishing schemes. However, it now accounts for nearly a fifth of all phishing attempts, with almost triple the number of such attacks using Microsoft as a lure compared to before. The change is directly related to threat actors looking to capitalize on large numbers of employees working remotely.

Companies like Google, PayPal, and WhatsApp are also among the top 10 most popular brands used as lures in phishing attacks.

"The most likely industry to be targeted by brand phishing was technology, followed by banking and then social network. This illustrates a broad spread of some of the best-known and most used consumer sectors, particularly during the Coronavirus pandemic, whereby individuals are grappling with remote working technology, potential changes to finances, and an increased use of social media," Check Point noted in its latest brand phishing report.

Here are the top 10 brands used as phishing lures...
  1. Microsoft: related to 19 percent of all brand phishing attempts globally
  2. DHL: 9 percent
  3. Google: 9 percent
  4. PayPal: 6 percent
  5. Netflix: 6 percent
  6. Facebook: 5 percent
  7. Apple: 5 percent
  8. WhatsApp: 5 percent
  9. Amazon: 4 percent
  10. Instagram: 4 percent

This report follows a separate one from Microsoft a few weeks ago, in which the Redmond giant said criminal groups are evolving their techniques, in part by experimenting with different phishing lures. Microsoft also said that it blocked over 13 billion malicious and suspicious emails last year, of which more than 1 billion contained URLs specifically constructed to launch a credential phishing attack.

Check Point's latest report underscores Microsoft's own data. It notes that email phishing is the most prominent type of brand phishing, accounting for 44 percent of attacks in the third quarter. This is followed closely by web-based phishing at 43 percent. Somewhat surprisingly, mobile phishing is a distant third, accounting for 12 percent of all phishing attacks.

"In a brand phishing attack, criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and web-page design to the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application. The fake website often contains a form intended to steal users’ credentials, payment details or other personal information," Check Point explains.
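The "similar domain name or URL" pattern Check Point describes is something a mail or proxy filter can screen for. The sketch below is an added example, not code from Check Point or Microsoft: the `OFFICIAL` allowlist, the function names and the sample links are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for this example: brand keyword -> domains treated as genuine.
OFFICIAL = {
    "microsoft": {"microsoft.com", "live.com", "office.com"},
    "paypal": {"paypal.com"},
    "google": {"google.com"},
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> tuple:
    """Return (verdict, brand); verdict is 'official', 'lookalike' or 'unrelated'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Simplification: the last two labels stand in for the registrable domain.
    # Production code should consult the Public Suffix List instead.
    registrable = ".".join(host.split(".")[-2:])
    for brand, domains in OFFICIAL.items():
        if registrable in domains:
            return ("official", brand)
    # A brand name outside its own domain usually shows up as a subdomain
    # label or a hyphenated token, sometimes with one character swapped.
    tokens = host.replace("-", ".").split(".")
    for brand in OFFICIAL:
        if any(edit_distance(tok, brand) <= 1 for tok in tokens):
            return ("lookalike", brand)
    return ("unrelated", None)

# Constructed sample links (reserved .example/.test names, not real observations).
SAMPLES = [
    "https://login.live.com/oauth",
    "https://micros0ft-support.example/reset",
    "http://paypal.com.account-verify.test/signin",
    "https://example.org/news",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(classify(url), url)
```

A "lookalike" verdict is a signal for quarantine or user warning rather than proof of phishing, and an "unrelated" verdict says nothing about whether the page itself imitates a brand's design.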

Bottom line? Be as diligent as ever in taking proper security precautions, and be extra wary of email communications, particularly unsolicited ones. As always, smart computing habits (like never clicking on URLs in emails) are your best bet.