Vade Secure recently reported on the most commonly impersonated brand; it showed that Microsoft has taken the lead for the past five quarters straight; followed by PayPal and Facebook.

What you should know:

               What is Phishing? Phishing is the act of deceiving or impersonating, intending to falsely acquire sensitive information. Such as login credentials, credit card numbers, social security numbers, etc.. This can be done in a multitude of ways, but the most commonly seen is the impersonation of website login in pages. It is easy to get taken to false login pages if the URL is typed in even minutely wrong. I.e. if you want to login to say, Microsoft online, you would open your web browser, Chrome or Edge, and type in https://login.microsoftoffice.com. But let us say you misspelled the URL and instead typed https://login.mirosoftonline.com this simple mistake is exactly what a phisherman is looking for. They will pay for these website domains, and design them to look exactly like the Actual Microsoft login page. This method is so overt, it’s covert. As we cruise through the web we are looking for speed. This makes it easy for us to overlook pages like the login page. 

Large enterprises’ proclivity to Office 365 is only one reason it is impersonated so often. It is also because the Office 365 credentials allow access to all the services Microsoft offers, including but not limited to: Skype, Excel, Word, Teams, and One Drive. Other sites such as PayPal and Facebook have been mimicked. For obvious reasons PayPal is high up on the phishing list, the reason being: instant monetary gain through access to credit cards and other personal information PayPal records. Although Facebook is a different story. Even with the implementation of their two-factor authentication and their ability to save passwords for applications across various operating systems; they have become a huge target for phishing. The reason being is with only one set of login credentials, an unauthorized user can access all saved credentials that Facebook has for you. 

           Also, it is important
to remember that a “phishermans” bread and butter is the art of deceiving.
Don’t be fooled! This simple but eluding tactic works very effectively even if
one is diligent in avoiding scams. 

What you should do:

– Be cautious, especially when logging in to Microsoft or any
online portal. Be sure you are using the correct URL i.e. https://login.microsoftonline.com 

-Download/Install the latest Microsoft patches. This is very
important because: firstly it keeps your system up to date in terms of security
updates and patches. Also, Microsoft stops supporting older versions of Windows
10. For example, Windows 10 version 1803 will reach the end of
support on November 12th, 2019. Whereas Windows 10 1803 enterprise and
education versions reach the end of support on November 10th, 2020. When they
reach the end of support, this means that they will no longer receive security
updates or patches. Which intern means they will be vulnerable to any new
security threats that are discovered. To avoid this you must update your
computer to Windows 10 version 1903 which is the current version. This costs
nothing and can be done in half an hour or less. Please contact us if you have
any concerns about this process.

– Windward Strongly recommends that you do not reply or click
links in unsolicited emails or emails from unverified sources. Especially if
they pertain to lost passwords, and you do not remember forgetting a password.

-Microsoft, to secure their clients’ information, offers
two-factor authentication. This security measure in conjunction with your cell
phone number; texts a code when you log in online. This code must be entered to
verify your identity and log you in. This code changes every time and cannot be
hacked as long as you do not share this code with anyone. This feature should
be enabled on all Microsoft accounts. If this process does not sound familiar
please contact us to ensure your Microsoft account security.