Why do scammers love to imitate Microsoft's websites in their phishing attacks?

Microsoft has recorded yet another height when it comes to phishing attacks, and that’s not for a good reason. The Redmond tech giant reportedly tops the list of companies that bad actors imitate to try to scam people out of their information.

Check Point Software Technologies revealed in its report this week that Microsoft scored an overwhelming 38% percentage in total attempts in the first quarter of 2024. Google and LinkedIn follow in second and third respectively by 11% each.

For example, as the report reveals, Microsoft is targeted by a phishing campaign using deceptive emails with varied subjects. Recipients are directed to a fake Outlook login page (b542df20-c26b-4c27-8ab9-9584ed34b2f4-00-16s5vbpwefi3f.riker.replit.dev) aiming to steal their credentials. 

And as for the “why” question, Check Point suggests that the reason for this is probably because technology brands, such as Microsoft, are widely used in offices and remote work setups, making them attractive targets for accessing company assets.

Microsoft has yet to make a response to this survey. But, earlier last month, the company published yet another worrying trend amidst the tax season. 

The company observed a campaign using tax-related document lures this year, which targeted green card holders, small business owners, or even new/older taxpayers. The phishing email contained an HTML attachment leading to a fake landing page, where malware was installed upon clicking “Download Documents,” stealing login credentials.

And as the AI boom happens all around the corner of the world, and so does worry about the tech being used in sinister manners. With OpenAI, Microsoft has begun cracking down on fake accounts and AI used by bad actors to sway opinion & gather intelligence.