Skip to main content

Microsoft is a favourite target for brand spoofing

(Image credit: Future)

Brand spoofing or phishing email attacks aren’t new but they’re growing every quarter as cybercriminals are tricking more people to disclose their confidential and financial data for the purpose of identity theft. The sender’s email address is spoofed to look like it is coming from a reliable source..

According to the US security solutions provider FireEye’s Email Threat Report, Microsoft is the most commonly spoofed brand, accounting for almost 30% of all detections. Also present on that list are Apple, PayPal and Amazon, each within the 6-7% range.

(Image credit: Future)

Attackers don’t restrict their activities just to the commercial sector. The top 20 brands used in phishing attacks include personal services such as Netflix, LinkedIn, Amazon and Free Score 360.

Most common brands detected in phishing attacks

  1. Microsoft - 29%
  2. OneDrive - 7%
  3. Apple - 7%
  4. PayPal - 7%
  5. Amazon - 6%
  6. Microsoft Outlook - 4%
  7. Excel - 3%
  8. Adobe - 3%
  9. LinkedIn - 2%
  10. Free Score 360 - 2%
  11. American Express - 2%
  12. DHL - 2%
  13. Microsoft Office - 2%
  14. Netflix - 1%

Source: FireEye

Phishing is on the rise with a 17% increase in the first quarter of this year

The security company has seen a 17% increase in phishing attacks in the first three months of this year compared to the last three months of last year. FireEye saw many attacks involving emails that relate to a Microsoft Office 365 account.

Ken Bagnall, Vice-President of email Security at FireEye, said that threat actors are doing their homework. “We’re seeing new variants of impersonation attacks that target new contacts and departments within organisations,” he said.

The report said that HTML attachments and phishing pages are other phishing attack mechanisms that were popular in the first quarter because HTML attachments are not hosted; they can evade detection and made to look very convincing.

In 2018, FireEye reported that URL-based attacks had overtaken attachment-based attacks as a means of delivery. The company has seen a 26% quarter-over-quarter increase in malicious URLs using HTTPS, which indicates that malicious actors are taking advantage of the common consumer perception that HTTPS is a “safer” option to engage on the internet. Phishing pages which require user interaction such as Sleep, Captcha, Display-links, and graphic buttons with links to malicious documents add to the apparent authenticity of the page.

That email is NOT from your CEO

Impersonation attacks, such as CEO fraud and business email compromise also showed a steady increase over the quarter and the trend points to a continued rise in the second quarter as bad actors impersonate executives and senior managers to dupe employees into taking an action, such as authorising fraudulent wire transfers.

 “The danger is these new targets may not be prepared or have the necessary knowledge to identify an attack...The targeted organisation thinks they’ve paid a legitimate invoice when the transaction was actually made to an attacker’s account,” Bagnall said.