The number of phishing emails that masquerade as notifications from Microsoft services is skyrocketing, a new report from Check Point has warned.
In the report, the researchers said that just in September, its service caught more than 5,000 such emails - and to make matters worse, the attackers he gotten extremely good at creating a legitimate-looking email.
The usual suspects - spelling and grammar, color scheme, the email’s outline - all of these things he been brought to perfection: “The language is perfect. The style is familiar. The graphics look impeccable,” the researchers said. “So, what should organizations do?” Furthermore, these emails now come with copy-pasted Microsoft privacy policy statements, or links to Microsoft and Bing, all of which makes spotting the ruse with the naked eye almost impossible.
You may like
Hackers are looking to steal Microsoft logins using some devious new tricks - here's how to stay safe
AI-powered phishing attacks are on the rise and getting smarter - here's how to stay safe
Hook, line and sinker: how to detect and protect your business from phishing attacks
Training and AIUltimately, even the ‘sender’ field in the email looks believable now. Instead of the usual private, or unknown domains, these emails appear to be coming from organizational domains impersonating legitimate administrators.
All of this means there is a higher chance of organizations losing sensitive information, or becoming infected with malware and even ransomware.
In response, organizations need to invest heily into user awareness training, since employees will no longer be able to hunt for spelling and grammar mistakes in phishing emails, Check Point argues.
Also, they should deploy AI-powered email security, essentially fighting AI with AI, and finally, always keep their software and hardware updated.
Are you a pro? Subscribe to our newsletterSign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.We would add that deploying multi-factor authentication wherever possible, and even pivoting towards zero-trust network architecture, can only help in today’s diverse landscape.
More from TechRadar ProNew method for phishing discovered for Android and IPhone usersHere's a list of the best firewalls todayThese are the best endpoint protection tools right now