Microsoft most impersonated brand in phishing attacks in 2023

 

The global technology company’s likeness was spoofed over 650,000 times, accounting for 4.31% of all phishing attacks among 350 brands.

 

Some other reputable companies were present in the top three, including one of the most well-established and widely used digital payment systems, PayPal (1.05%) and social media giant Facebook (0.68%).

 

Cloud-based electronic signature technology provider DocuSign (0.48%) ranked fourth, while financial and business management company Intuit (0.39%) and the world’s leading logistics company DHL (0.34%) landed in fifth and sixth place, respectively.

 

Other brands among the top ten include computer security software company McAfee (0.32%), leading internet search engine Google (0.30%), the world’s largest online retailer Amazon (0.27%), and the largest database management company worldwide, Oracle (0.21%).

By impersonating well-known brands like the ones listed above, cybercriminals reliably leverage the victim’s trust and undermine their caution, making it easier to trick them into giving up account credentials or exposing them to malware via malicious links.

 

Fraudsters usually achieve this by collecting public information through corporate websites and social media accounts, scouting targets with access to sensitive information and credentials. Imposters can then create a message that masks itself as a message from the impersonated brand to solicit information from said targets.