ATTENTION MICROSOFT USERS!

If you are someone who contributes to the nearly 50% of the world’s organizations who use Office 365, you want to read this!

Because of the continued increase in the number of companies in the world using Microsoft software, cybercriminals are increasingly shifting their focus to using Microsoft’s identity in their phishing scams. Microsoft has become the leading choice of identity when it comes to deceptive phishing scams.

The IT Company is not choosing to share this information with you to scare you or turn you away from Microsoft. We believe Microsoft speaks for itself with its efficiency and capabilities, and there is a strong reason for why it has taken over a good majority of the world’s businesses. We intend not to scare you away from Microsoft, but rather bring you awareness of this topic so your business can continue to use Microsoft, while protecting you and your business.

In Agari’s (reliable security firm) Q1 2019 Email Fraud & Identity, they find evidence supporting that 8 out of 10 email scams with the target of high-value executives, contained the presence of Microsoft’s false identity. Agari’s evidence also found that an overall 44% of all identity deception phishing scams used Microsoft as their identity.

The IT Company has referenced KnowBe4 in several of our technology topics. Last week they reported on this topic as well, summarizing the Agari Report regarding the tactics behind brand deception scams as followed:

  • 50% portray a brand using email display names.
  • 13% portray an individual using email display names
  • 17% use lookalike domains
  • 20% leverage compromised accounts

If you are a Microsoft user, the chances are you will be presented one of these deceiving scams. Before your company falls victim to these scams, take the time to educate your people. And while Microsoft users are at much higher risk and there is a high focus on them currently because of the increase of cybercriminals really targeting Microsoft’s identity, they are not the only ones. Any user can be deceived through these identity deception phishing scams. Other common brands being used for deception include the IRS, Amazon, and AT&T.

So what can you do? IT Companies, including ourselves, are constantly promoting the need of Security Awareness Training. We can’t say it enough; train, train, and train again all of your employees. The more aware they are of what to be skeptical of, the better off your company will be.

Security Awareness is something that should be at the center of your company.