With many people still working from home, hacks and phishing scams have been on an all time high through this year, and according to reports, Microsoft tops the list when it comes to being impersonated by hackers. Microsoft’s products and services feature nearly a fifth of all global phishing attacks in the third quarter of 2020, a report in ThreatPost pointed out.
A Check Point report saw Microsoft rising from the fifth spot in the second quarter to the top spot in the third quarter as hackers and scammers continued to capitalise on people still continuing to work from home. In the last quarter, phishing attempts imitating Microsoft accounted for about 7% of all the attacks.
This quarter, 19% of the attacks imitated Microsoft, followed by 9% imitating DHL. Google came in third also clocking a 9%. These three brands were followed by PayPal with 6%, Netflix with 6%, Facebook with 5%, Apple with 5%, WhatsApp with 5%, Amazon with 4% and Instagram with 4%.
This is the first time DHL has entered the top 10 rankings on the Check Point report.
The report also found that about 44% of all the phishing attacks were sent via email, followed by 43% by web and 12% by mobile.
The top three phishing brands exploited by email phishing attacks were Microsoft, DHL and Apple. On the web, the top three brands were Microsoft, Google and PayPal and for mobile it was – WhatsApp, PayPal and Facebook.
“Remote workers are a focal point for hackers,” said Omer Dembinsky, manager of data threat intelligence at Check Point, in a statement.
Dembinsky also pointed out that hackers are making the most of employees working from home, with many of them doing so for the first time ever. This means that most companies and remote workers are unprepared to handle cyberattacks. Hackers are using the opportunity to do what they can by imitating the brand that’s most known for work – Microsoft.
In the case of top phishing efforts, Check Point researchers witnessed a malicious phishing email trying to steal credentials of Microsoft accounts in mid-August. The hacker had sent out malicious links that tried to lure the victim into clicking on it which redirected them to a fake Microsoft login page.
Then, during September, Check Point researchers spotted a malicious phishing email, “allegedly” sent by Amazon that was trying to steal user’s credit card information. The scam email claimed that the user’s account was disabled due to too many login failures and directed the user to a fraudulent Amazon billing center website where the user was instructed to enter the billing information.
Hackers, in this case, were trying to make the most of Amazon’s popularity that has skyrocketed over the pandemic.
Dembinsky added that scammers will continue to imitate Microsoft as the year goes on and encouraged all users to be extra careful with their emails and not click on links without checking them thoroughly.
