Skip to main content

Microsoft Security reports a massive increase in malicious phishing scams

Microsoft’s Security team analyzes more than 6.5 trillion security signals a day to identify trends that could affect the digital landscape that we all live in. After scanning more than 470 billion email messages that have been sent and received by customers of its Office 365 platform, the company reports that malicious phishing attacks are on the rise, and not by a small margin — by a massive 250 percent. Worse, techniques used by scammers are becoming more proficient and harder to detect.

In Microsoft’s Security Intelligence Report — Volume 24, the team acknowledged that technology such as machine learning has been able to reduce a significant number of phishing attacks from succeeding, however, these manipulative attacks are still on the rise. Scammers who are choosing to run phishing attacks, a practice that aims to deceive a user and request sensitive information while masquerading as a trustworthy entity, have also begun to step up their game by diversifying their attacks.

Recommended Videos

According to Microsoft’s report, techniques used by phishers include domain spoofing, domain impersonation, user impersonation, text lures, credential phishing links, phishing attachments, and links to fake cloud storage locations. Using these methods phishing emails can appear to be sent from official domains or personal while presenting malicious files and links for a user to access. Emails may also contain malicious file attachments to aid the process.

When accessing your email, it is essential to take precautions against phishing — a practice that targets both individuals and businesses. Never send sensitive information such as bank account information or passwords within an email, and always be sure to check the address from which an email was sent carefully. If ever in doubt, contact the person or institution in question to verify if they had sent you a legitimate email or if it might be fraud.

Microsoft’s report also revealed information on malware attacks such as ransomware and crypto jacking. Overall, users encountering malware have decreased by around 34 percent from last year. Microsoft notes that many malicious organizations chose to abandon high-maintenance ransomware attacks for more low-effort, and lucrative, crypto-jacking campaigns — an attack in which malware is unknowingly installed onto a user’s machine, using its resources to generate cryptocurrencies for the attacker.

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
Microsoft outlines Recall security: ‘The user is always in control’
Recall promotional image.

Microsoft just released an update regarding the security and privacy protection in Recall. The blog post outlines the measures Microsoft is taking to prevent a data privacy disaster, including security architecture and technical controls. A lot of the features highlight that Recall is optional, and that's despite the fact that Microsoft recently confirmed that it cannot be uninstalled.

Microsoft's post is lengthy and covers just about every aspect of the security challenges that its new AI assistant has to face. One of the key design principles is that "the user is always in control." Users will be given the choice of whether they want to opt in and use Recall when setting up their new Copilot+ PC.

Read more
Don’t use your Windows PC without using these security settings
The Windows Security app in Windows 11.

Historically, Windows has had a bad reputation for security, and there are far more malware strains that target Windows than any other operating system out there -- largely due to the scale of PCs that exist in the world. With such a vast array of potential threats, it’s more important than ever to keep your Microsoft PC safe and protected.

But doing so doesn’t have to be difficult or expensive. In fact, you can start right now with just the computer you own, no extra software necessary. And if you do want to supplement your PC with some of the best Windows apps that will boost your security and privacy, you don’t need to pay a penny.

Read more
You definitely want to install these 90 Windows security patches
Microsoft Surface Laptop Go 3 rear view showing lid and logo.

Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, in a blog post yesterday. These flaws allow hackers to bypass security features and gain unauthorized access to your PC's system, highlighting the need to keep your Windows computer updated.

Nine are rated Critical, 80 of the flaws are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month to avoid issues with its browser. Users will be happy to know that the patches are for six actively exploited zero-days, including CVE-2024-38213. This lets attackers bypass SmartScreen protections but requires the user to open a malicious file. TrendMicro's Peter Girnus, who discovered and reported the flaw, proposed it could be a workaround for CVE-2023-36025 or CVE-2024-21412 that DarkGate malware operators misused.

Read more