To capitalize on remote workforces created by the coronavirus pandemic, hackers have turned Microsoft into their go-to brand for phishing attacks, making it nearly a fifth of all global phishing attacks in the 3rd quarter of this year.
Security researchers at Check Point have released their quarterly brand phishing report. The report, powered by Check Point’s ThreatCloud* database, highlights the brands that hackers imitated the most to lure people into giving up their personal data or payment credentials during July, August and September of this year.
Hackers are Leveraging the Microsoft Brand to Trick Remote Workers
In Q3 2020, Microsoft was the brand most frequently targeted brand by cybercriminals, soaring from fifth place in Q2 to the top of the ranking. 19% of all brand phishing attempts globally traced to the technology giant, as threat actors sought to capitalize on large numbers of employees still working remotely during the Covid-19 pandemic. In Q2, Microsoft made up only 7% of all brand phishing attempts. Below are the top brands ranked by their overall appearance in brand phishing attempts:
For the first time in 2020, DHL entered the top 10 rankings, taking the second spot with 9% of all phishing attempts related to the company.
Email is Top Attack Vector, making up 44% of all Phishing Attacks
During Q3 2020, email phishing was the most prominent type of brand phishing platform, accounting for 44% of attacks, closely followed by web phishing (43%), which was the second most attacked platform compared to Q2, where it ranked first. The top phishing brands exploited by email phishing attacks were Microsoft, DHL and Apple, in that order.
Email (44% of all phishing attacks during Q3)
Web (43% of all phishing attacks during Q3)
Mobile (12% of all phishing attacks during Q3)
Example A: Microsoft Phishing Email Aims to Steal Credentials
During mid-August, Check Point researchers witnessed a malicious phishing email trying to steal credentials of Microsoft accounts. The attacker was trying to lure the victim to click on a malicious link which redirects the user to a fraudulent Microsoft login page.
Example B: Amazon Phishing Email Attempts Credential Information Theft
During September, Check Point researchers noticed a malicious phishing email which was allegedly sent by Amazon and was trying to steal user’s credit information. The email said that the user’s account was disabled due to too many login failures and pointed the user to a fraudulent Amazon billing center website in which the user is instructed to enter billing information. During the coronavirus pandemic, Amazon has seen explosive growth, as many rely on the e-commerce giant for goods throughout quarantined periods. Accordingly, hackers have made efforts to exploit Amazon’s popularity during the coronavirus pandemic.
Quote: Manager of Data Threat Intelligence, Omer Dembinsky:
“Remote workers are a focal point for hackers. Companies globally have their employees working remotely because of the coronavirus pandemic, possibly for the first time ever. There are currently billions of people now working remotely, many of them doing so for the first time in their lives. The sudden change has left many companies and remote workers unprepared to handle the latest cyber attacks. Hackers, sensing big opportunity, are imitating the brand most known for work: Microsoft. I expect Microsoft imitations to continue as we turn the new year. I encourage remote workers to be extra cautious when receiving an email. If you get an email about your ‘Microsoft’ account, I would have my guard up.”
Safety Tips for Remote Workers Against Phishing Attacks
To help remote workers stay safe from phishing attacks, Check Point researchers have issued the following cyber security tips: