Microsoft (Once Again) Tops the List of Most Impersonated Brands in 2023

Out of the over 350 brands regularly impersonated in phishing attacks, Microsoft continues to stand out because it provides attackers with one unique advantage over other brands.

The whole idea behind impersonation is to establish the illusion of legitimacy for a phishing email. This lowers the “defenses” of the email recipient, allowing social engineering tactics to take effect and to get the victim to interact with the email.

According to Abnormal Security’s latest 2023 phishing trending data, Microsoft is the number one impersonated brand this year. What’s interesting is that emails impersonating Microsoft only represent about 4.31% of all phishing attacks. This seems rather low when you consider we’ve covered similar data from Check Point, where Microsoft represents 29% of the attacks.

The disparity lies in what the percentages represent. In Abnormal’s case, it’s 4.31% of all phishing attacks (that is, the sum total of both those that use impersonation and those that don’t), whereas the Check Point data represents 29% of all impersonation phishing attacks. While we aren’t able to corroborate the data perfectly, the findings align.

So, why is Microsoft the top brand? Sure, its M365 platform is widely used, but so are UPS and LinkedIn. The reason comes down to what’s of value on the other end of a phishing scam. In Microsoft’s case, it’s credentials.

Credential harvesting is huge with Initial Access Brokers, and a single M365 user credential provides access to, at minimum, an email account (for additional BEC attacks) and potentially to data, applications and other corporate resources.

So, if your organization is using Microsoft 365, you need to educate users through security awareness training about the dangers of fake Microsoft-branded emails that ask the user to log onto the platform – they are likely phishing scams intent on stealing credentials.
