Microsoft Lures Populate Half of Credential-Swiping Phishing Emails
According to a Tuesday report by Cofense, cybercriminals are increasingly using Microsoft services such as Outlook, Teams, and Office to launch themed phishing attacks and steal credentials from their targets. According to Cofense, almost half of phishing attacks in 2020 aimed to steal Microsoft credentials using lures related to the tech giant. Cybercriminals used Microsoft offerings such as Office 365 to create convincing spoofed emails and the company’s Team’s collaboration platform to make victims believe they were connecting with colleagues.
For its Tuesday report, Cofense analyzed millions of emails related to various attacks, finding that 57% were phishing emails aiming to steal credentials. The rest of the malicious emails were primarily business email compromise (BEC) attacks seeking to deliver malware to victims. Cybercriminals are allegedly relying more and more on Microsoft-themed lures for their emails, as well as ensuing phishing landing pages or spoofed Microsoft domains.