68M Email Scams: Microsoft Tops the List of Most Impersonated Brands in 2023

Phishing is on the rise, and anyone who uses email, text messaging, and other forms of communication is a potential victim. According to Stocklytics.com, Microsoft is the most impersonated brand in 2023, with a staggering 68M fraudulent emails attributed to it.

Stocklytics financial analyst Edith Reads commented on the findings:

One reason Microsoft is impersonated so frequently is due to the value of its credentials. A single M365 user credential grants access to an email account and potentially to data, applications, and other corporate resources. Fraudsters leverage this by gathering public information from corporate websites and social media, crafting messages that mimic those from the impersonated brand to solicit information from targets.

Stocklytics Financial Expert, Edith Reads

While Microsoft’s phishing stats stand out, Adobe also finished 2023 as a perennial phishers’ favorite. Other often exploited brands include DHL, Google, AOL, Docusign, and  Amazon.

The widely recognized package delivery brand DHL entered the top ten, possibly due to increased activity during the November shopping month. On the other hand, Amazon’s ranking was largely attributed to the annual Amazon Fall Prime Day sale scheduled during the second week of October.

Why is Microsoft the Top Brand?

Phishing is a type of cybercrime whereby cyber criminals send spam messages containing malicious links designed to get targets to either download malware or follow links to spoof websites. Email phishing reigns as the most prevalent, with an estimated 3.4 billion phishing emails sent every day. However, cybercriminals employ various types of phishing attacks to exploit unsuspecting victims, including Spear phishing, Whaling, Smishing, Vishing, and Angler phishing.

Cybercriminals widely target Microsoft’s M365 platform not only because of its widespread usage but also due to the high value associated with the credentials at the other end of a phishing scam.

Threat actors connected to Storm-1575, use the Dadsec platform to conduct widespread phishing of global organizations to steal Microsoft 365 credentials. These threat actors are using Cyber Panel, an open-source web development panel, and hundreds of Domain Generated Algorithm (DGA) domains that are created daily to host credential harvesting pages.

The threat actor that Microsoft tracks as Storm-1575 is behind the development, support, and sale of Dadsec, a phishing-as-a-service (PhaaS) platform responsible for some of the highest volumes of phishing attacks tracked by Microsoft since it was initially seen in May 2023.

— Microsoft Threat Intelligence (@MsftSecIntel) October 13, 2023

Financial Services Industry Tops Most Impersonated Sector

2023 proved to be another typical year for financial services, with the industry retaining its status as the most impersonated by hackers. The sector led all others in terms of total unique phishing URLs (64,009 or 32% of the overall total), followed by social media (51,183 or 26%), cloud (43,350 or 22%), Internet/telco (19,291 or 10%), e-commerce/logistics (17,882 or 9%), and government (1,903 or 1%). 

It’s wise to stay up to date on the latest phishing techniques. Cybercriminals constantly evolve their methods, so individuals need to be on alert. Additionally, one can use anti-phishing software and other cyber security tools to protect against potential attacks and keep personal and work data safe.