Content, Breach, Channel partners, Content, Phishing

Microsoft Tops List of the Most Impersonated Brand for Phishing Scams in Q2 2023

Microsoft was the leading brand most frequently imitated by cybercriminals looking to steal individuals’ personal information or banking credentials during the second quarter of 2023.

This news comes via Check Point’s latest Brand Phishing Report for the period.

The Redmond, Washington tech giant moved up from third place in the first quarter 2023 to the top spot in the second quarter, accounting for 29% of all brand phishing attempts. This is largely due to a phishing campaign that saw hackers targeting account holders with fraudulent messaging regarding unusual activity on their account.

The report ranked Google in second place, accounting for 19% of all attempts, and Apple in third, featuring in 5% of all phishing events during the last quarter. In terms of industry, the technology sector was the most impersonated, followed by banking and social media networks.

Fake Websites a Common Attack Vector

According to Check Point, in a brand phishing attack criminals try to imitate the official website of a well-known brand by using a similar domain name or URL and a web-page design that resembles the genuine site. The link to the fake website can be sent to targeted individuals by email or text message, a user can be redirected during web browsing, or it may be triggered from a fraudulent mobile application.

Below are the top brands ranked by their overall appearance in brand phishing attempts:

  1. Microsoft (29%)
  2. Google (19.5%)
  3. Apple (5.2%)
  4. Wells Fargo (4.2%)
  5. Amazon (4%)
  6. Walmart (3.9%)
  7. Roblox (3.8%)
  8. LinkedIn (3%)
  9. Home Depot (2.5%)
  10. Facebook (2.1%)

Omer Dembinsky, Check Point data group manager, explained the tactics of hackers “scarcely” change:

“While the most impersonated brands move around quarter to quarter, the tactics that cyber criminals use scarcely do. This is because the method of flooding our inboxes and luring us into a false sense of security by using reputable logos has proven successful time and time again.

"This is why we all must commit to stop and review, taking a moment before clicking on any link we don’t recognize. Does something feel off? Is there bad grammar or any language that is prompting an instant response? If so, this may be an indicator of a phishing email.

"For organizations worried about their own data and reputation, it is key that they take advantage of the right technologies that can effectively block these emails before they have a chance to dupe a victim.”

Recent Phishing Activity Examined

Earlier this year, Check Point warned of an upward trend that saw phishing campaigns leveraging the finance industry. For example, Wells Fargo bank took fourth place this quarter due to a series of malicious emails requesting account information.

Here are some examples of phishing activity during the quarter:

The campaign involved deceptive emails which were sent allegedly from inside the company with sender names such as “Microsoft on <company domain>”. The subject line of these phishing emails was "RE: Microsoft account unusual sign-in activity" and they claimed to have detected unusual sign-in activity on the recipient's Microsoft account.

To address this supposed security concern, the phishing emails urged recipients to review their recent activity by clicking on a provided link which leads to malicious websites unrelated to Microsoft.

The email falsely claimed to be from “LinkedIn” and had the subject line "Revise PO June - Order Sheet." It aimed to deceive recipients into clicking on a malicious link by disguising it as a report.

Wells Fargo
The email was sent from the address "29@9bysixcoza" and appeared to be from “Wellsfargo Online”. It had the subject line "Verification Required" and aimed to trick recipients into providing their account information by claiming that certain details were missing or incorrect.

The email was sent from the address “info@chatpoodinfo” and had the subject line "Walmart eGift Card Waiting." The purpose of this fraudulent email was to deceive recipients by offering them a $500 Walmart Gift Card as a token of appreciation for their loyalty.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.