Report: Over 20% of Phishing Campaigns Target Microsoft Users

Almost 4,000 domains and 62 phishing kit variants used to target Microsoft users were uncovered within an observation window of 262 days, according to new report by Akamai Technologies. This finding on Microsoft’s susceptibility to abuse echoes what we reported in the 2019 Trend Micro Midyear Security Roundup, where it was revealed that the number of blocked unique phishing URLs that spoofed Microsoft increased by 76% from 2018 2H to 2019 1H.

Tech companies highly targeted

Looking at 6,035 domains, the report reveals that users from tech companies were the most targeted by phishing campaigns, with users from Microsoft being the top target at 22%. PayPal, DHL, and Dropbox trail behind, accounting for 9.37%, 8.79%, and 2.59% respectively.

The popularity of Microsoft users as phishing targets is not a surprise due to the profitability of user account credentials such as the ones used in Office 365. This is because cybercriminals only require one key to the entire platform — an Office 365 credential can allow them to conduct various attacks upon account compromise.

Life cycle of phishing kits

The report also provided insights on the life cycle of 120 phishing kits (half of which targeted Microsoft users) that Akamai was able to observe. A notable pattern that emerged in 2019 was that phishing kits have shorter life span — more than 60% of the monitored kits were active for only 20 days.

But despite a shorter life span, phishing campaigns can still yield hundreds of victims. A few hours can still generate a net profit for cybercriminals after covering the costs of domains, phishing kits, and hosting.

Security recommendations

While an old trick, phishing is still an effective method that cybercriminals utilize to fuel their malicious quests. To stay protected, users can look into the following best practices to identify phishing attacks.

  • Emails should be examined for grammatical errors and spelling mistakes.
  • URLs in the email should be closely examined. An embedded URL might seem perfectly valid, but hovering above it might show a different website address.
  • The email sender’s display name should be given a closer look to check the email’s legitimacy.
  • Be cautious of emails from individuals or organizations that ask for personal information.
  • Be wary of emails that call for urgent action or have an alarmist tone.

Organizations, for their part, can adopt advanced technologies to defend against phishing attacks. For example, the Trend Micro™ Cloud App Security, which detected and blocked 2.4 million credential phishing attacks in 2019 1H, uses artificial intelligence (AI) and computer vision technology to help detect and block phishing attacks that use brand impersonation by checking if a legitimate login page’s branded elements, login form, and other website components are being spoofed. 


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.