Gardien Security


Microsoft Reclaims Top Spot as Most Frequently Imitated Brand in Global Phishing Attacks

December 18, 2023

by Gardien Security

Microsoft: Prime Target for Cybercriminals, Tips to Spot Phishing

Check Point Research (CPR), the Threat Intelligence division of Check Point Software, has published its Brand Phishing Report for the fourth quarter of 2023.

The report highlights the brands most frequently imitated by cybercriminals in their attempts to steal personal data or credentials from individuals’ financial institutions during October, November, and December 2023.

In the last quarter of the previous year, Microsoft secured first place as the most impersonated and imitated brand, accounting for 33% of all brand phishing attempts.

The technology sector stood out as the most targeted overall, with Amazon claiming the second spot at 9%, and Google in third at 8%.

Social networks and the banking sector represented the other two most targeted sectors in the Brand Phishing Top 10.

To wrap up the list of top brands, consumer spending associated with the year-end holiday season led cybercriminals to continue targeting retail and delivery companies in the fourth quarter of 2023.

The widely recognized parcel delivery brand DHL entered the Top 10, possibly due to increased shopping activity since November (Black Friday), while Amazon’s ranking could be attributed largely to its annual Amazon Prime Day promotion scheduled during the second week of October.

“We bid farewell to 2023, but one threat continued to accompany us into this new year: the danger of phishing. Even cybercriminals with limited IT skills can accurately impersonate legitimate brands to deceive unsuspecting users and consumers and conduct social engineering attacks,” says Omer Dembinsky, Manager of the Check Point Software Data Research Group.

“With the widespread use of Artificial Intelligence (AI), we can expect an increase in the volume of phishing campaigns this year even more indistinguishable from legitimate company communications. As major technology brands, social networks, and banks continue to be imitated, end-users need to pay extra attention when interacting with emails claiming to be from a trusted brand,” warns Dembinsky.

Top Imitated Brands in Q4 2023

Below are the Top 10 brands, ranked by how often they were identified in brand phishing events and campaigns during the fourth quarter of 2023:

  1. Microsoft (brand related to 33% of all global phishing attacks)
  2. Amazon (9%)
  3. Google (8%)
  4. Apple (4%)
  5. Wells Fargo (3%)
  6. LinkedIn (3%)
  7. Home Depot (3%)
  8. Facebook (3%)
  9. Netflix (2%)
  10. DHL (2%)

Microsoft Phishing Email – Email Verification Scam

The Check Point Research (CPR) team identified a fake email posing as Microsoft’s account team.

The email text claimed to require email address verification and asked recipients to click on a verification link.

The email’s subject line read “Microsoft: Verify your email address,” aiming to create a sense of urgency. The included phishing link in the email was:

This link is not associated with Microsoft. The email asked recipients to verify their email addresses and could lead to fraudulent activity.

Apple Phishing Email – Storage Limit Alert Scam

The CPR research team identified a fake email pretending to be from Apple, sent from the address “blake[@]borderpfoten[.]de.”

The email claimed to alert recipients that the storage in their Apple account was nearly full. Its subject line was “{Recipient’s name} Your Apple storage is almost full!!”, personalized with the recipient’s name to create a sense of urgency.

The email included a malicious link “ktraks[.]futurwatt[.]com/ga/click/,” which is currently inactive.

This link is not associated with Apple. The email asked recipients to fix the storage issue by clicking the inactive link, which could lead to fraudulent activities.

How to Recognize and Avoid Phishing

The best defense is to be aware of the telltale signs of a phishing message. It’s crucial to be even more attentive now, as with the increasing adoption of AI, it’s no longer sufficient to look for words with spelling and grammar errors.

Here are the key indicators for identifying phishing:

  1. Threats or Intimidation: Phishing messages may use intimidation tactics, such as threats of account suspension or legal action, to coerce the user into action. Be wary of urgent, alarming, or threatening messages.
  2. Message Style: If a message seems inappropriate for the sender, it’s likely a phishing attempt. Watch out for any unusual language or tone. Phishing messages often use ambiguous or generic greetings like “Dear user” instead of personalized greetings.
  3. Unusual Requests: Phishing emails may ask the user to perform unusual actions. For example, if an email instructs the person to install software, they should check with the organization’s IT department to see if it’s a legitimate request, especially if it’s not a standard practice.
  4. Inconsistencies in Links and Addresses: Check for discrepancies with email addresses, links, and domain names. Hover over hyperlinks or shortened URLs to see their actual destinations and check for inconsistencies.
  5. Requests for Personal Information: Be cautious when an email requests confidential information, such as passwords, credit card or bank numbers, or social security numbers. Legitimate organizations typically don’t ask for these details via email.
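
Indicator 4 can be checked mechanically. The sketch below is an added example, not code from the Check Point report or from this article: it compares the brand named in the From display name and subject with the sender's domain, the real link targets, and any URL shown as link text. The `BRAND_DOMAINS` allowlist and the sample message (placeholder domains) are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions: illustrative brand allowlist; constructed sample, placeholder domains.
BRAND_DOMAINS = {"apple": {"apple.com", "icloud.com"},
                 "microsoft": {"microsoft.com", "live.com"}}
SAMPLE = """From: Apple Support <alerts@mailer.example.net>
Subject: Your Apple storage is almost full!!

<a href="http://track.example.org/ga/click/">https://www.apple.com/storage</a>
"""

class LinkCollector(HTMLParser):
    """Collect [href, visible text] for every anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def within(host, domains):  # exact match or subdomain of an allowed domain
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def check_email(raw):
    """Return findings where the claimed brand and the real domains disagree."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    claim = (display + " " + msg.get("Subject", "")).lower()
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    links = [(urlsplit(h).hostname, urlsplit(t.strip()).hostname)
             for h, t in collector.links]  # (real host, host shown in text)
    hosts = [("sender", addr.rpartition("@")[2])] + [("link", r) for r, _ in links]
    findings = [f"{kind}:{host} not in {brand} allowlist"
                for brand in BRAND_DOMAINS if brand in claim
                for kind, host in hosts if not within(host, BRAND_DOMAINS[brand])]
    findings += [f"text:{shown} hides {real}"
                 for real, shown in links if shown and shown != real]
    return findings
```

The suffix match in `within` requires a dot boundary, so a lookalike host such as `apple.com.example.org` is still reported as outside the allowlist.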
