Microsoft (Once Again) Tops the List of Most Impersonated Brands in 2023

Stu Sjouwerman | Sep 15, 2023

Out of the more than 350 brands regularly impersonated in phishing attacks, Microsoft continues to stand out because it provides attackers with one unique advantage over other brands.

The whole idea behind impersonation is to establish the illusion of legitimacy for a phishing email. This lowers the “defenses” of the email recipient, allowing social engineering tactics to take effect and to get the victim to interact with the email.

According to Abnormal Security’s latest 2023 phishing trending data, Microsoft is the number one impersonated brand this year. What’s interesting is that emails impersonating Microsoft only represent about 4.31% of all phishing attacks. This seems rather low when you consider we’ve covered similar data from Check Point, where Microsoft represents 29% of the attacks.

The disparity lies in what the percentages represent. In Abnormal’s case, it’s 4.31% of all phishing attacks (that is, the sum total of both those that use impersonation and those that don’t), whereas the Check Point data represents 29% of all impersonation phishing attacks. While we aren’t able to corroborate the data perfectly, the findings align.

So, why is Microsoft the top brand? Sure, its M365 platform is widely used, but so are UPS and LinkedIn. The reason comes down to what’s of value on the other end of a phishing scam. In Microsoft’s case, it’s credentials.

Credential harvesting is huge with Initial Access Brokers, and a single M365 user credential provides access to, at minimum, an email account (for additional BEC attacks) and potentially to data, applications and other corporate resources.

So, if your organization is using Microsoft 365, you need to educate users through security awareness training about the dangers of fake Microsoft-branded emails that ask the user to log on to the platform – they are likely phishing scams intent on stealing credentials.
