Most of us are pretty trusting of emails from Microsoft and often open them without thinking twice.
Putting our confidence in the fact that they’re one of the biggest tech companies in the world.
But what if that email isn’t really from Microsoft?
Cyber criminals often exploit trust like this to trick people. Research shows that Microsoft is the most impersonated company when it comes to phishing scams. With 36% of brand related phishing attacks being from criminals pretending to be Microsoft.
Google and Apple are next on the list. With more than half of all phishing scams made to look like they’re from the three tech giants.
So, what can you do to stay safe?
Before we get to that, let’s look at what phishing is.
Phishing is when a criminal sends you an email, text or message which looks like it’s from a real credible company.
The aim is to get you to click a link, open a malicious attachment, hand over sensitive information, or give them your full identity details.
From there, things can get nasty: theft of funds, hacked systems, and access to confidential information.
Unfortunately, phishing scams are becoming more sophisticated and harder to spot. Cyber criminals are making things a lot more professional with fewer spelling mistakes, and links that look less suspicious.
Scammers will use real company logos and setup fake sites that look like the real thing. They even spoof email addresses so the email looks like it’s directly from Microsoft, Google, or Apple.
In fact, recent research shows in increase in Mastercard scams. Where people are being directed to fake Mastercard sites and entering their details.
Cyber criminals are always finding new ways to trick people and catch them out.
So, how can you tell if that email is really from Microsoft?
The first thing is to slow down and stay aware.
Real emails from companies like Microsoft won’t pressure you and scare you into taking immediate action to stop things like ‘your account being locked’. Language like this should put you on alert and prompt you to assess the email more thoroughly.
Double check the sender’s email address. A closer look may reveal some differences to an official email address. Like “micros0ft.com” instead of “microsoft.com”. Scammers rely on you not picking up on these small differences.
And, if the email looks suspicious don’t click on any links. Instead, navigate to the official site via your browser and try find the page manually.
These extra steps and scepticism can feel like a hassle. But the inconvenience is a small price to pay, compared to cleaning up after a cyber-attack.
Phishing scams are improving all the time. That’s why it’s crucial to:
- Be vigilant
- Protect yourself with appropriate cyber security tools
- Use additional forms of verification like multi-factor authentication (where you need to use additional forms of ID to login)
The bigger a brand, the more likely it will be used as cover by scammers. Remember to take you time when checking emails, because the next one from “Microsoft’ may be a trojan horse.
If you’d like help to get better protected against phishing scams. Reach out to us.
Leave a comment!