The COVID-19 pandemic has caused havoc not only in our real world but also in the virtual one. On the brighter side of things, it has encouraged a new work culture – working from home. This development has given a tremendous boost to Microsoft, with millions of employees working from home using one Microsoft product or the other.
Rising to the top position on the popularity charts has its downsides, as well. One is that it becomes a viable target for malicious actors to exploit. With more people using Microsoft, they have a broader net to phish. The Q3 2020 report published by Check Point Research is ample testimony that Microsoft has made a giant leap from fifth place (7% share of global phishing attempts) to top the table with a 19% overall share.
The Reasons For The Surge
In recent times, MS Office 365 has gained popularity, with many of the workforce using it for various purposes. The current pandemic has necessitated employees’ working from home. Hence, a lot of people are working with MS Office as compared to other platforms. Cyber adversaries see a potential goldmine in such a workforce. It allows them to spread their net far and wide.
The threat actors are ever ready to pounce on user vulnerabilities. As people start working from home, they need a bit of reconfiguration of the MS Office 365 credentials. Malicious actors target such transition stages to send phishing emails, asking them to reset their user IDs and passwords. With people in a hurry to get connected to their office networks, there are ample chances of them falling prey to such phishing emails. It is natural for people to let their guard down, thereby becoming easy victims of such criminals.
Microsoft – Paying The Price
Perhaps, Microsoft is paying the price for being the most popular software brand in town today. The history of phishing attempts shows that the most targeted services happen to be the most popular ones. Google is a prime example.
The statistics show that Microsoft is indeed an exalted company. During Q3 2020, email phishing constituted nearly 44% of all attacks, followed by web and mobile phishing modalities. Here is how Microsoft stands as compared to other top brand platforms.
Email Phishing – 44% Of All Phishing Attacks
Web Phishing – 43% Of All Phishing Attacks
Mobile Phishing – 12% Of All Phishing Attacks
Thus, you see Microsoft tops the charts overtaking other gigantic players such as Amazon, Google, Apple, among others. Microsoft’s share of being the top target for phishing activities is 19%, followed by DHL at a distant second with 9%.
Why Malicious Actors Are Able To Leverage Bigger Brands & How Phishing Takes Place
The primary reason for any phishing attack is user negligence. Malicious actors send bulk phishing emails to millions of people at a time. And this is where more prominent brands and organizations play a role for malicious actors; as the brand gets larger, so do the number of people who use its product, which gives cyber adversaries a broader target base.
Many people unwittingly open these phishing emails and click on links that appear to have been sent by Microsoft. As users share their MS Office 365 credentials, it becomes convenient for the malicious actors to have a field day.
One cannot remain not vigilant at all times. In Microsoft’s case, the workforce’s anxiety to be on the board as quickly as possible proved its undoing. If the users are adequately trained about spotting the malicious email and employ robust anti-phishing service, the entire system can remain secure to a significant extent.
COVID-19 has opened the doors wider for people to consider innovative ways of working. Work-from-home has become the byword in the industry today. On their part, malicious actors welcome such innovations because it gives them more opportunities to test their skills. The more the brand’s popularity, the higher the chances of it falling prey to phishing attacks. Of late, Microsoft owns the distinction of being the top-rated impersonated brand, thanks to its extreme popularity.