Microsoft, PayPal among most impersonated brands in phishing attacks in 2023

Edward G. | October 05, 2023

Brand impersonation is a tactic widely used by cybercriminals in phishing attacks, as it reliably exploits the familiarity of big companies to undermine the caution of potential targets.

According to data presented by the Atlas VPN team, Microsoft was by far the most impersonated brand by cybercriminals in 2023. The global technology company’s likeness was spoofed over 650,000 times, accounting for 4.31% of all phishing attacks among 350 brands.

Some other reputable companies were present in the top three, including one of the most well-established and widely used digital payment systems, PayPal (1.05%) and social media giant Facebook (0.68%).

The numbers are based on a report by Abnormal Security, which examined internal data on intercepted phishing emails to determine the most impersonated brands this year.

Cloud-based electronic signature technology provider DocuSign (0.48%) ranked fourth, while financial and business management company Intuit (0.39%) and the world's leading logistics company DHL (0.34%) landed in fifth and sixth place, respectively.

Other brands among the top ten include computer security software company McAfee (0.32%), leading internet search engine Google (0.30%), the world’s largest online retailer Amazon (0.27%), and the largest database management company worldwide, Oracle (0.21%).

By impersonating well-known brands like the ones listed above, cybercriminals reliably leverage the victim’s trust and undermine their caution, making it easier to trick them into giving up account credentials or exposing them to malware via malicious links. 

Fraudsters usually achieve this by collecting public information through corporate websites and social media accounts, scouting targets with access to sensitive information and credentials. Imposters can then craft a message that masquerades as one from the impersonated brand to solicit information from said targets.

The mass nature of phishing campaigns means no business is exempt from being targeted. Around 92% of organizations surveyed for a 2023 report on email security reported having suffered a phishing attack in the previous 12 months, leading to financial losses and reputational damage.

Spotting a fraudulent email from a big brand

In brand phishing, criminals try to imitate a well-known brand by using similar assets: email template, logo, and domain name. A link to a fake website — designed to accurately replicate the original — is often also included and contains a form intended to steal users’ credentials, payment details, or other personal information.

Due to the sheer size and recognizability of Microsoft, the brand has been imitated in previous phishing campaigns numerous times. During one such string of attacks, account holders received emails claiming unusual sign-in activity on the recipient's Microsoft account. They included the country/region, IP address, date, platform, and browser.

The phishing emails urged recipients to review their recent activity by clicking on a provided link to address this supposed security concern. The link, however, led to a malicious website unrelated to Microsoft.

So what could have given away the fraudulent nature of these emails?

  • Sender address: In an attempt to appear legitimate, cybercriminals often imitate the email domains of a reputable company. However, they are rarely exact matches: be mindful of subtle adjustments of the original domain name, such as the letter ‘O’ replaced by the number ‘0’ or the letters ‘r’ and ‘n’ used instead of an ‘m’. This is a common trick employed by scammers. Be sure to check previous correspondence with the brand to see the correct email address or contact the brand through their official website to confirm the legitimacy of the communications you've received.
  • Urgent call to action: Be suspicious of emails that claim you must click, call, or open an attachment immediately. Often, phishers will create a sense of danger (in this case, suspicious activity) to encourage a quick, impulsive reaction. This is done so that you do not examine the email in detail or consult a trusted advisor who may warn you.
  • Suspicious links: Avoid opening any links or attachments you see in a suspicious email. Instead, hover your mouse over the link to see if the address matches the link typed in the message. If it does not appear to be affiliated with the company’s main website, it is best to avoid clicking.
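The sender-address and link checks above can be automated in a mail filter or triage script. The following Python is an added example, not code from Atlas VPN or Abnormal Security; the allow-list, the sample message and all function names are constructed for illustration, and it extends the article's two substitutions with "1" for "l".

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = {"microsoft.com", "paypal.com", "docusign.com"}  # constructed allow-list
CONFUSABLES = [("rn", "m"), ("0", "o"), ("1", "l")]  # "1" for "l" is added here
SAMPLE_FROM = "account-security@rnicrosoft.com"  # constructed sender and body
SAMPLE_BODY = '<a href="https://login.example.net/verify">account.microsoft.com</a>'

def registrable(host):  # last two labels; ignores suffixes like co.uk
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def skeleton(domain):
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def classify(host, brands=BRANDS):  # 'brand', 'lookalike:<brand>' or 'unrelated'
    dom = registrable(host)
    if dom in brands:
        return "brand"
    hits = [b for b in sorted(brands) if skeleton(dom) == skeleton(b)]
    return "lookalike:" + hits[0] if hits else "unrelated"

class LinkAudit(HTMLParser):  # collects (visible text, href) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_email(sender, html_body):
    """Flag a lookalike sender domain and links whose text names another host."""
    verdict = classify(sender.rsplit("@", 1)[-1])
    findings = ["sender " + verdict] if verdict.startswith("lookalike") else []
    parser = LinkAudit()
    parser.feed(html_body)
    for text, href in parser.links:
        target = urlparse(href).hostname or ""
        shown = "" if " " in text else text.split("://")[-1].split("/")[0].lower()
        if "." in shown.strip(".") and registrable(shown) != registrable(target):
            findings.append(f"link shows {shown} but goes to {target}")
    return findings
```

Calling `audit_email(SAMPLE_FROM, SAMPLE_BODY)` returns one finding for the sender domain and one for the link whose visible text and destination differ.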

Although the quality of phishing attacks continues to rise alongside their frequency, there always remain a handful of tell-tale signs that an email is fraudulent. Noticing them in time could be the difference between becoming a victim and protecting yourself and your colleagues.

Edward G.


Cybersecurity Researcher and Publisher at Atlas VPN. My mission is to scan the ever-evolving cybercrime landscape to inform the public about the latest threats.


