The number of phishing emails that masquerade as notifications from Microsoft services is skyrocketing, a new report from Check Point has warned.
In the report, the researchers said that just in September, its service caught more than 5,000 such emails – and to make matters worse, the attackers have gotten extremely good at creating a legitimate-looking email.
The usual suspects – spelling and grammar, color scheme, the email’s outline – all of these things have been brought to perfection: “The language is perfect. The style is familiar. The graphics look impeccable,” the researchers said. “So, what should organizations do?” Furthermore, these emails now come with copy-pasted Microsoft privacy policy statements, or links to Microsoft and Bing, all of which makes spotting the ruse with the naked eye almost impossible.
Training and AI
Ultimately, even the ‘sender’ field in the email looks believable now. Instead of the usual private, or unknown domains, these emails appear to be coming from organizational domains impersonating legitimate administrators.
All of this means there is a higher chance of organizations losing sensitive information, or becoming infected with malware and even ransomware.
In response, organizations need to invest heavily into user awareness training, since employees will no longer be able to hunt for spelling and grammar mistakes in phishing emails, Check Point argues.
Also, they should deploy AI-powered email security, essentially fighting AI with AI, and finally, always keep their software and hardware updated.
We would add that deploying multi-factor authentication wherever possible, and even pivoting towards zero-trust network architecture, can only help in today’s diverse landscape.
New method for phishing discovered for Android and IPhone usersHere’s a list of the best firewalls todayThese are the best endpoint protection tools right now