Microsoft: “A Phishers Favorite”

Vade Secure recently reported on the most commonly impersonated brand; it showed that Microsoft has taken the lead for the past five quarters straight; followed by PayPal and Facebook.

What you should know:

               What is Phishing? Phishing is the act of deceiving or impersonating, intending to falsely acquire sensitive information. Such as login credentials, credit card numbers, social security numbers, etc.. This can be done in a multitude of ways, but the most commonly seen is the impersonation of website login in pages. It is easy to get taken to false login pages if the URL is typed in even minutely wrong. I.e. if you want to login to say, Microsoft online, you would open your web browser, Chrome or Edge, and type in https://login.microsoftoffice.com. But let us say you misspelled the URL and instead typed https://login.mirosoftonline.com this simple mistake is exactly what a phisherman is looking for. They will pay for these website domains, and design them to look exactly like the Actual Microsoft login page. This method is so overt, it’s covert. As we cruise through the web we are looking for speed. This makes it easy for us to overlook pages like the login page. 

Large enterprises’ proclivity to Office 365 is only one reason it is impersonated so often. It is also because the Office 365 credentials allow access to all the services Microsoft offers, including but not limited to: Skype, Excel, Word, Teams, and One Drive. Other sites such as PayPal and Facebook have been mimicked. For obvious reasons PayPal is high up on the phishing list, the reason being: instant monetary gain through access to credit cards and other personal information PayPal records. Although Facebook is a different story. Even with the implementation of their two-factor authentication and their ability to save passwords for applications across various operating systems; they have become a huge target for phishing. The reason being is with only one set of login credentials, an unauthorized user can access all saved credentials that Facebook has for you. 

           Also, it is important to remember that a “phishermans” bread and butter is the art of deceiving. Don’t be fooled! This simple but eluding tactic works very effectively even if one is diligent in avoiding scams. 

What you should do:

– Be cautious, especially when logging in to Microsoft or any online portal. Be sure you are using the correct URL i.e. https://login.microsoftonline.com 

-Download/Install the latest Microsoft patches. This is very important because: firstly it keeps your system up to date in terms of security updates and patches. Also, Microsoft stops supporting older versions of Windows 10. For example, Windows 10 version 1803 will reach the end of support on November 12th, 2019. Whereas Windows 10 1803 enterprise and education versions reach the end of support on November 10th, 2020. When they reach the end of support, this means that they will no longer receive security updates or patches. Which intern means they will be vulnerable to any new security threats that are discovered. To avoid this you must update your computer to Windows 10 version 1903 which is the current version. This costs nothing and can be done in half an hour or less. Please contact us if you have any concerns about this process.

– Windward Strongly recommends that you do not reply or click links in unsolicited emails or emails from unverified sources. Especially if they pertain to lost passwords, and you do not remember forgetting a password.

-Microsoft, to secure their clients’ information, offers two-factor authentication. This security measure in conjunction with your cell phone number; texts a code when you log in online. This code must be entered to verify your identity and log you in. This code changes every time and cannot be hacked as long as you do not share this code with anyone. This feature should be enabled on all Microsoft accounts. If this process does not sound familiar please contact us to ensure your Microsoft account security.