Thousands of fake Microsoft emails are being sent out to trick businesses — here’s what to look out for

Phishing emails are getting harder to spot, experts warn

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The number of phishing emails that masquerade as notifications fromMicrosoftservices is skyrocketing, a new report from Check Point has warned.

In the report, the researchers said that just in September, its service caught more than 5,000 such emails - and to make matters worse, the attackers have gotten extremely good at creating a legitimate-looking email.

The usual suspects - spelling and grammar, color scheme, the email’s outline - all of these things have been brought to perfection: “The language is perfect. The style is familiar. The graphics look impeccable,” the researchers said. “So, what should organizations do?” Furthermore, these emails now come with copy-pasted Microsoft privacy policy statements, or links to Microsoft andBing, all of which makes spotting the ruse with the naked eye almost impossible.

Training and AI

Ultimately, even the ‘sender’ field in the email looks believable now. Instead of the usual private, or unknown domains, these emails appear to be coming from organizational domains impersonating legitimate administrators.

All of this means there is a higher chance of organizations losing sensitive information, or becoming infected with malware and even ransomware.

In response, organizations need to invest heavily into user awareness training, since employees will no longer be able to hunt for spelling and grammar mistakes in phishing emails, Check Point argues.

Also, they should deploy AI-powered email security, essentially fighting AI with AI, and finally, always keep their software and hardware updated.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

We would add that deployingmulti-factor authenticationwherever possible, and even pivoting towardszero-trust network architecture, can only help in today’s diverse landscape.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Your doctor may have an AI assistant taking notes during your next Zoom call