Microsoft users are being warned about a record number of phishing scams. New research has revealed that the makers of Windows 10, Windows 11, Outlook and Word are the most impersonated company when it comes to phishing scams. This news comes courtesy of Atlas VPN, who analysed data on scams carried out in 2021.
The VPN provider found that Microsoft was the most impersonated company when it comes to phishing scams, accounting for over a third (36.6 percent) of threats.
Phishing scams, if you’re not already aware, are when scammers pose as a legitimate company in an attempt to trick users into handing over sensitive data.
This is usually done by scaring a victim into handing over personal data, for instance by claiming an attack is being carried out, or that their account is at risk for some reason.
Among the products that scammers have targeted are Microsoft accounts, which are used for Windows and Outlook among other things, as well as logins for OneDrive and 365 Office.
Interestingly, the second most popular phishing scam Atlas VPN noted was to do with illegal streaming services.
Usage of these sites increased due to the coronavirus pandemic, as people staying at home looked for something to entertain them and turned to illicit sites to access movies and boxsets illegally for free.
According to Atlas VPN, some 13.6 percent of phishing attacks in 2021 were to do with illegal streaming sites. In third place were phishing scams that took advantage of people’s concerns around Covid-19. Such scams could have involved fake emails claiming to offer people a coronavirus vaccine.
Other phishing scams that were popular in 2021 were based around Amazon, PayPal, WhatsApp, Facebook and more.
Speaking about the threat, Vilius Kardelis – the cybersecurity writer at Atlas VPN – said: “Phishing attacks require the user to recognize and evaluate the potential danger. However, people are prone to making mistakes, and a well social engineered attack could trick almost anyone. Therefore, being aware of how phishing attacks work is essential when mitigating threat risks.”
If you have received an email that you think is a phishing scam but aren’t 100 percent sure, you can simply get in touch with the organisation in question to double check if it’s an official correspondence.
While this will take you a little bit of time, you would lose more time and have to deal with plenty more stress if you did unfortunately fall victim to such a scam.
Besides stealing sensitive details such as usernames and passwords, phishing scams can lead to bank details being stolen – which can lead to you potentially losing a lot of money.
If you receive a phishing scam email you can report it to Action Fraud, the UK’s national fraud and cyber reporting centre.
Action Fraud also has information on its site to help you spot a scam email before you fall victim to it. Here are things to look out for…
– The sender’s email address doesn’t tally with the trusted organisation’s website address
– The email is sent from a completely different address or a free web mail address
– The email does not use your proper name, but uses a non-specific greeting like “dear customer”
– A sense of urgency; for example the threat that unless you act immediately your account may be closed
– A prominent website link. These can be forged or seem very similar to the proper address, but even a single character’s difference means a different website
– A request for personal information such as user name, password or bank details
– The email contains spelling and grammatical errors
– You weren’t expecting to get an email from the company that appears to have sent it
– The entire text of the email is contained within an image rather than the usual text format
– The image contains an embedded hyperlink to a bogus site
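Several items on this checklist can be checked automatically. The sketch below is an added example, not code from Action Fraud or Atlas VPN: it flags a sender address that doesn't match the trusted organisation, a generic greeting, urgency wording, a request for personal details, and links whose host is a near miss for the real domain. The function names, word lists and the `example.com` sample message are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed word lists for illustration; tune them for real mail.
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
TEXT_CHECKS = {
    "generic-greeting": re.compile(r"\bdear (customer|user|member)\b", re.I),
    "urgency": re.compile(r"\b(immediately|within 24 hours|will be closed)\b", re.I),
    "asks-for-personal-info": re.compile(r"\b(password|user ?name|bank details)\b", re.I),
}
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def belongs_to(host, trusted):
    # True only for the trusted domain itself or one of its subdomains.
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def edit_distance(a, b):
    # Levenshtein distance: a small value flags a near-miss lookalike domain.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_indicators(raw_email, trusted):
    # Returns the checklist items tripped by a plain-text (non-multipart) email.
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hits = []
    if not belongs_to(sender, trusted):
        hits.append("free-webmail-sender" if sender in FREE_WEBMAIL else "sender-domain-mismatch")
    hits += [name for name, rx in TEXT_CHECKS.items() if rx.search(body)]
    for url in URL.findall(body):
        host = re.sub(r"^www\.", "", urlparse(url).hostname or "")
        if not belongs_to(host, trusted):
            hits.append("lookalike-link" if edit_distance(host, trusted) <= 2 else "off-domain-link")
    return hits

# Constructed sample message; example.com stands in for the trusted organisation.
SAMPLE = (
    "From: Support <help@examp1e.com>\nSubject: Account notice\n\n"
    "Dear customer, confirm your password immediately at http://www.examp1e.com/login\n"
)
```

A message that trips none of these checks is not proven safe; the image-only and unexpected-email items on the list still need a human look.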