That Microsoft site you’re visiting may be a phishing page
Microsoft is rich pickings for scammers, according to a new report.
Phishing has fast become one of the key ways that cybercriminals manage to gain access to victims’ details and launch attacks, including ransomware, that lock data behind a key and require payment to release it. But how people fall victim to such phishing attacks is less obvious. New data from the Agari Anatomy of a Compromised Account report does give an indication of this, however.
If you’re logging onto a web page purporting to be a Microsoft login page, think twice before putting in your details. It could well be a scam.
In all, 73% of phishing pages identified by cybersecurity firm Agari are impersonating Microsoft product-related pages.
That proportion isn’t hugely surprising, given the role Microsoft and its products play in our day-to-day lives, but it does show how central spoofing the brand is to cybercriminals looking to gain access to our lives.
Cybercriminals impersonated Microsoft account login pages in 60% of phishing sites, according to the data analysed. A further 8% faked Microsoft SharePoint login pages, which were used as a launching pad for cybercriminals looking to wreak havoc on a person’s file system. Once in control of the account, the attacker uploads a malicious file and then changes the file’s sharing permission to ‘public,’ allowing anybody to spread the link further.
Microsoft is the key target
A further 5% of spoofed pages purported to belong to Microsoft Office 365 and OneDrive. “One of the most common issues in email security is business email compromise (BEC),” says Atlas VPN’s Vilius Kardelis. “With access to Microsoft accounts, cybercriminals can deliver emails, host malicious pages, or create malicious documents, which allows them to spread their attack more efficiently. Multi-factor authentication on work-related accounts should be mandatory to mitigate the risk.”
The data comes from pages analysed by Agari over the course of six months between October 2020 and March 2021, when the company seeded credentials into more than 8,000 unique phishing sites. This gave the company an unparalleled insight into how these attacks are launched, and the brands and logos that are impersonated along the way.
Once someone gives away their details, attacks are launched quickly.
50% of compromised accounts are accessed by malicious hackers within 12 hours.
And in a week, nine out of 10 accounts are fully taken over by threat actors once they’ve been ensnared by the system.
Rapid action to take over accounts
While half of accounts that have been compromised are accessed by hackers within 12 hours, a staggering 23% are taken over immediately after someone has fallen foul of the scam. Automated scripts are believed to help attackers test the credentials they’ve obtained immediately, and to gain access to compromised accounts without much fuss.
There were other brands impersonated alongside Microsoft, the data analysed by Agari showed.
Threat actors imitated Adobe Document Cloud login pages in 26% of phishing websites.
It all adds up to an alarming cocktail of news, and something that ought to be carefully monitored, with people kept conscious of the risks involved. For those operating business emails, it’s vital to train staff on how to spot phishing scams, and to encourage employees to think twice before handing over any information – even to what looks like a reputable source, because it often isn’t.