With hundreds of millions of phishing emails sent each day, we are all familiar with dodgy messages supposedly from a service we use telling us that we need to urgently address some “suspicious activity”.
In fact, we probably receive more phony security alerts than real ones. It’s getting to the point where many of us see an email from our most trusted brands and assume that it’s a scam.
This is particularly the case when it comes to emails from Microsoft, according to a new report by Vade Secure.
It found that the tech giant was the most commonly impersonated brand in phishing emails, with 20,217 URLs associated with the organisation created in the past quarter.
Why do scammers love impersonating Microsoft?
As with all phishing scams, the number of users the impersonated organisation has is crucial. The more people use its services, the more likely it is that someone will be fooled.
More than 180 million people use Microsoft’s Office 365, a line of subscription services that requires users to register using email addresses.
If scammers can trick you into believing that their request is genuine, you are handing them access to everything in your account, be it Word documents, your emails or anything you’ve stored in the Cloud.
With so much information available, Vade Secure noted that scammers are going the extra mile to trick users. In addition to the constant stream of new sites imitating Microsoft, there are new twists on scams, like custom 404 pages.
Who else do scammers imitate?
PayPal is the second-most impersonated site, with crooks keen to find a quick way to make money. Unlike Microsoft scams, which go after sensitive information that can be sold on the dark web, phishing emails imitating PayPal go directly for cash.
Facebook is the other major target. With 286 million daily users in Europe alone, criminals have a very good chance of finding someone that the scam is relevant to.
In fact, when you factor in the number of people in Europe who have email addresses and are therefore contactable by scammers, you’re looking at almost half the population as viable targets.
The wealth of information that people provide on Facebook – from names and email addresses to jobs, physical locations, political opinions and personal preferences – can be used by scammers to create sophisticated attacks, like spear phishing.
Here is the list of the ten most commonly impersonated organisations:
- Bank of America
Want to learn more about phishing?
Find out more about how phishing works and what you can do to stay safe by taking our Phishing Staff Awareness Course.
This online training course shows helps you mitigate one of the biggest threats facing your organisation in less than hour.
It’s updated quarterly to include the latest real-life examples of phishing scams, and comes with a free monthly security awareness newsletter, providing tips and updates for continued awareness.
You might also be interested in our Phishing and Ransomware – Human patch e-learning course, which focuses on the dangers of ransomware, a malicious programme commonly sent in phishing emails.