Impersonation attacks under the name of Microsoft and Google are increasing more than ever before, according to Check Point Research’s Q3 Phishing Report. Impersonation attacks refer to phishing emails that seem to be from authentic sites like Google and Microsoft but are sent by attackers to gather sensitive information from victims out there.
Impersonation of Microsoft, Google on the rise
According to researchers, the difference between Q2 and Q3 is very dramatic. It means more and more people have phishing-based emails from Microsoft and Google in this quarter.
The company has also detailed some of the reasons why the past quarter saw such a rise in impersonation attacks. They say that the work-from-home environment has made many people distracted and that cybercriminals are taking advantage of this scenario.
Now that people are using Google services and Microsoft products more than ever, users often fail to understand which email is legitimate and not. Researchers add that the same thing would not have happened if people were in an office environment, where there are proper borders and time limits.
The security analysis company also emphasizes equipping email security with a better ability to detect and block phishing attacks. This is because the attackers use these phishing emails as only the first step in a series of privacy violations.
“The increase in phishing emails in Q3 of 2020 is one of the most prominent trends of the Work-From-Home era. Cyber criminals are well aware of the distractions people are dealing with while trying to work and be productive from home. Combined with the enormous amount of emails employees receive every day, the recipe for a successful email phishing campaign is complete,” Check Point said.
Once the victim falls into the pit and submits the sensitive data, the attackers will then use the data to intrude into the user’s life, stealing money, among other things. It should also be noted that the increasing popularity of the Microsoft 365 Suite and G Suite has also contributed to this frightening situation.
Only email security won’t be enough to stay secure from these attackers. Considering that the work-from-home environment would continue for a few months, steps should be taken to educate employees and other users about phishing attacks’ potential dangers.
Only this development of discretion will keep sensitive information as safe as it should be. In other news, a Russian hacker has now started selling the Microsoft 365 account credentials of C-level employees from companies worldwide. This again proves that people are indeed falling for these impersonation scams.