Skip to main content

Microsoft Security reports a massive increase in malicious phishing scams

Microsoft’s Security team analyzes more than 6.5 trillion security signals a day to identify trends that could affect the digital landscape that we all live in. After scanning more than 470 billion email messages that have been sent and received by customers of its Office 365 platform, the company reports that malicious phishing attacks are on the rise, and not by a small margin — by a massive 250 percent. Worse, techniques used by scammers are becoming more proficient and harder to detect.

In Microsoft’s Security Intelligence Report — Volume 24, the team acknowledged that technology such as machine learning has been able to reduce a significant number of phishing attacks from succeeding, however, these manipulative attacks are still on the rise. Scammers who are choosing to run phishing attacks, a practice that aims to deceive a user and request sensitive information while masquerading as a trustworthy entity, have also begun to step up their game by diversifying their attacks.

Recommended Videos

According to Microsoft’s report, techniques used by phishers include domain spoofing, domain impersonation, user impersonation, text lures, credential phishing links, phishing attachments, and links to fake cloud storage locations. Using these methods phishing emails can appear to be sent from official domains or personal while presenting malicious files and links for a user to access. Emails may also contain malicious file attachments to aid the process.

Please enable Javascript to view this content

When accessing your email, it is essential to take precautions against phishing — a practice that targets both individuals and businesses. Never send sensitive information such as bank account information or passwords within an email, and always be sure to check the address from which an email was sent carefully. If ever in doubt, contact the person or institution in question to verify if they had sent you a legitimate email or if it might be fraud.

Microsoft’s report also revealed information on malware attacks such as ransomware and crypto jacking. Overall, users encountering malware have decreased by around 34 percent from last year. Microsoft notes that many malicious organizations chose to abandon high-maintenance ransomware attacks for more low-effort, and lucrative, crypto-jacking campaigns — an attack in which malware is unknowingly installed onto a user’s machine, using its resources to generate cryptocurrencies for the attacker.

Michael Archambault
Former Digital Trends Contributor
Michael Archambault is a technology writer and digital marketer located in Long Island, New York. For the past decade…
Microsoft accidentally released 38TB of private data in a major leak
A large monitor displaying a security hacking breach warning.

It’s just been revealed that Microsoft researchers accidentally leaked 38TB of confidential information onto the company’s GitHub page, where potentially anyone could see it. Among the data trove was a backup of two former employees’ workstations, which contained keys, passwords, secrets, and more than 30,000 private Teams messages.

According to cloud security firm Wiz, the leak was published on Microsoft’s artificial intelligence (AI) GitHub repository and was accidentally included in a tranche of open-source training data. That means visitors were encouraged to download it, meaning it could have fallen into the wrong hands again and again.

Read more
Hackers are sending malware through seemingly innocent Microsoft Teams messages
Microsoft Teams

Hackers are getting so sophisticated with malware that they are making links look like a notice about company vacation time.

A new phishing scam called "DarkGate Loader" has been uncovered that targets Microsoft Teams. It can be identified with a message and a link that reads "changes to the vacation schedule." Clicking this link and accessing the corresponding .ZIP files can leave you vulnerable to the malware that is attached.

Read more
Chrome is making a key change to protect you from phishing
Google Chrome with pinned tabs on a MacBook on a table.

Phishing campaigns -- where a fraudulent website or email is made to look like it comes from a legitimate source -- have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim.

As part of Chrome’s 15th-anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users.

Read more