Tech giants Microsoft, Alphabet (Google), Amazon, and Meta (Facebook) are now seeing their brands being compromised to trick organizations and individuals into opening their security doors to cyber criminals.
Attackers send phishing emails falsely purporting to be from a legitimate brand such as Microsoft or Google with a seemingly innocuous but weaponized link containing malware, leaving victims open to financial fraud and companies and their suppliers and customers open to potential ransomware attacks. Last year, the Federal Bureau of Investigation (FBI) recorded over 300,000 successful phishing attacks.
According to cybersecurity firm Abnormal Security, the world’s three most impersonated brands are Microsoft, PayPal, and Facebook, with Google and Amazon also appearing in the top ten, together with McAfee, Oracle, DocuSign, and Intuit. Phishing emails claiming to be from these brands can be disguised as fake alerts to fraudulent activity, false warnings about losing account access, or even as a simple sign-in request. While Big Tech brands are impacted the most, other affected brands include Best Buy, American Express, Netflix, Adobe, and Walmart.
“Microsoft is by far the most commonly spoofed company — with nearly 650,000 attacks stopped by Abnormal last year. That’s 4.31% of all phishing attacks among 350 brands,” says Abnormal Security CISO Mike Britton.
Britton adds that the aim of most phishing attacks using the Microsoft brand is to acquire the credentials needed to gain access to Microsoft’s 365 environments to steal sensitive data from Outlook or SharePoint.
The damage being done to Microsoft by this type of online brand impersonation is far higher than for any other global brand and comes at a time when the Microsoft brand is already struggling in the search engine space. Although Microsoft has chosen to dispute the findings, web analytics firm Statcounter is adamant that Microsoft’s new AI-powered Bing Chat search engine, launched with a huge global fanfare six months ago, has failed to win any appreciable new market share. In February, when the new Bing was launched, its market share was 6.35% and peaked at 6.61% in March, according to Statcounter. The web analytics firm also reports that, by contrast, Microsoft Bing’s market share was typically over 7% in 2022, with a high of 7.82% in November.
Another study, also released this month, highlights the growing menace that phishing attacks now represent for businesses across all sectors. Cybersecurity firm Cloudfare reports that 71% of organizations experienced an attempted or actual business email compromise attack in 2022. Cloudflare’s study drew on over 279 million email threat indicators, 250 million malicious messages, and more than a billion instances of brand impersonation from emails processed between May 2022 and May 2023 and found the method used in roughly a third of all threats was deceptive links.
