VadeSecure’s phishing report has named Microsoft as the most impersonated brand for the fifth quarter in a row. The email defense company analyzes phishing URLs to secure the data, with a massive 20,217 unique Microsoft URLs in 2019’s second quarter.
That puts it significantly above PayPal, with Facebook close behind it after a recent uptick in attacks. Microsoft is a popular choice for scammers given its wide product range and use in the enterprise.
“To understand why Microsoft phishing has achieved a level of sustained dominance, consider the size and growth of Office 365. In its latest quarterly earnings, Microsoft reported more than 180 million active monthly Office 365 business users. Moreover, IDC estimates that Office 365 constitutes almost half (47.6%) of enterprise cloud email implementations worldwide,” explains VadeSecure.
Office 365 credentials are lucrative to phishers, with a single point of entry providing access to emails, OneDrive, images, SharePoint documents, and more. Attackers primarily use methods like fake forms or account deactivation warnings, emulating the Microsoft site by pulling its assets.
Lots of Attacks, Few Hits
However, Microsoft noted last year that though Office has a high rate of phishing attempts, the success rate is low. It’s been active in pushing back against campaigns since 2017, adding a threat tracker tool and building in anti-spoof for Windows Defender ATP and Enterprise E5 customers.
Meanwhile, Facebook has seen a 175% increase in phishing URLs in Q2, taking it ahead of Netflix. It seems the app’s single sign-on integration could be to blame for this, as attackers can compromise an account to see the other apps and services connected to it.
The data here, of course, doesn’t include other forms of phishing, such as phonecalls. Microsoft is still a popular choice among spam callers, who attempt to gain access to a user’s PC through software like TeamViewer.