Spoofing scams find a favorite victim in Microsoft, the brand that cybercriminals love to impersonate

A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other
(Image credit: Getty Images)

Phishing attacks remain a significant threat to organizations across various industries, with threat actors disguising malicious emails as legitimate messages from trusted brands, in an attempt to deceive users into divulging sensitive information or installing malware.

A multi-year survey by Cofense has highlighted phishing campaigns that spoofed trusted brands across the top 10 industries they serve - with Microsoft coming out on top as the most impersonated brand.

Cofense found 92.87% of the phishing emails it analyzed targeted Microsoft users, followed by Adobe and Webmail, accounting for 3.53% and 1.62%, respectively.

Be wary of emails from Microsoft

Microsoft spoofing is highly versatile, Cofense warned, with emails mimicking everything from Multi-Factor Authentication (MFA) requests to shared document alerts. The familiarity of Microsoft-related emails makes it easy for attackers to design convincing phishing attempts.

In finance and insurance, where there is a strong reliance on document sharing for signatures, Adobe is the second most targeted brand in this sector behind Microsoft. DHL and Meta are also common targets.

The manufacturing and mining sectors have Microsoft, Adobe, and Webmail topping the list. However, it is interesting to note that China Union Pay, a payment service in China, and South African Post Office ranks among the top five spoofed brands in this sector.

In the retail sector, Microsoft and Adobe continue to dominate, however, due to the logistical nature of the retail industry, DHL ranks third. Canada Post, a key logistics provider, also makes the list, emphasizing the focus on supply chain and delivery-related phishing campaigns.

Even in niche sectors like real estate, utilities, and transportation, Microsoft and Adobe are frequently impersonated. Instagram is also subject to impersonation, with attackers often attempting to hijack high-following social media accounts to spread scams and malware.

Microsoft and Adobe again top the list in the healthcare sector, but as this industry requires frequent use of file sharing, Dropbox and Docusign are often impersonated to trick healthcare workers into providing access to sensitive patient data.

Phishing emails often mimic legitimate messages from well-known companies, making it easier for attackers to deceive users into clicking on malicious links or providing sensitive information. It's crucial to verify the authenticity of any unexpected emails from such brands and be on the lookout for signs of phishing, such as suspicious links, unfamiliar senders, or requests for personal information.

More from TechRadar Pro

TOPICS
Efosa Udinmwen
Freelance Journalist

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master's and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products. Efosa can be contacted at this email: udinmwenefosa@gmail.com