The use of the Microsoft brand in phishing attacks demonstrates both its widespread credibility as well as the continued success of attacks leveraging it.
Each quarter, security vendor Check Point builds its’ Brand Phishing Ranking, identifying the top ten impersonated brands used in phishing attacks. And, while we’ve seen Microsoft at the top of this quite a few times before in their previous rankings, it’s the growth we see in their latest report covering Q2.
According to the latest ranking, Microsoft jumped from representing 38% of all impersonated brands in Q1 to 57% in Q2 – a 50% increase in just one quarter. Additionally, the remaining nine brands each represent 10% or less of the total rankings – making Microsoft’s position six times larger than any other brand on the list.
Other brands on the list were Apple, LinkedIn, Google and Facebook – of which, all but Facebook were in the top five last quarter as well.
The growth in interest in credential theft – particularly those with access to Microsoft 365 – likely has a lot to do with Microsoft’s representation on Check Point’s list. It also indicates that organizations need to keep their users in a constant state of vigilance through continual security awareness training to ensure that even the most credible-looking impersonated phishing email is seen for its true nature.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Here's how it works:
