Microsoft Continues as Most Impersonated Brand in 2023

Of the over 350 brands regularly impersonated in phishing attacks, Microsoft stands out because it provides attackers with one unique advantage over other brands.

The idea behind impersonation is to establish the illusion of legitimacy for a phishing email. This lowers the “defenses” of the email recipient, allowing social engineering tactics to take effect and to get the victim to interact with the email.

According to Abnormal Security’s latest 2023 phishing trending data, Microsoft is the most impersonated brand this year. What’s interesting is that emails impersonating Microsoft only represent about 4.31% of all phishing attacks. This seems low when we’ve covered similar data from Checkpoint, where Microsoft represents 29% of the attacks.

The disparity lies in what the percentages represent. In Abnormal’s case, it’s 4.31% of all phishing attacks (that is, the sum of both those that use impersonation and those that don’t). In contrast, the Checkpoint data represents 29% of all impersonation phishing attacks. While we can’t corroborate the data perfectly, the findings align.

So, why is Microsoft the top brand? Sure, its M365 platform is widely used, but so is UPS or LinkedIn. The reason comes down to what’s of value on the other end of a phishing scam. In Microsoft’s case, it’s credentials.

Credential harvesting is huge with Initial Access Brokers, and a single M365 user credential provides access to a minimum of an email account (for additional BEC attacks) and potentially access to data, applications, and other corporate resources.

So, if your organization is using Microsoft 365, you need to educate users through security awareness training about the dangers of fake Microsoft-branded emails that ask the user to log onto the platform – they are likely phishing scams intent on stealing credentials.

Information used in this article was provided by our partners at KnowBe4.