In a bid to trick as many people as possible, scammers always want to make their fake emails look like the real deal. As such, both Microsoft and Google are seeing a wave of cybercriminals using their platforms to launch attacks on the general public.
Why Scammers Use Microsoft and Google Services
Proofpoint raised the alarm over malicious agents abusing legitimate services to carry out phishing attacks. The organization claims that scammers use "Office 365, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage" as their main operation platforms.
The figures Proofpoint report on are staggering:
Last year, 59,809,708 malicious messages from Microsoft Office 365 targeted thousands of our customers. And more than 90 million malicious messages were sent or hosted by Google, with 27 percent sent through Gmail, the world’s most popular email platform.
In Q1 2021, we observed seven million malicious messages from Microsoft Office 365 and 45 million malicious messages from Google infrastructure, which far exceed per quarter Google-based attacks in 2020.
Proofpoint claims that these phishing campaigns outdid all botnets in 2020, which shows just how much phishing is going on.
So, why are scammers using Microsoft and Google services? The answer lies in making the phishing email as convincing as possible.
Modern-day email providers have automatic spam filtering set up, and any suspicious-looking mail is whisked away to the spam folder the moment it arrives. Even if it does make it into the inbox, it has to convince the victim to click on malicious links or attachments.
That's why scammers gravitate toward official services. With a proper-looking email address, they have a far better chance of getting through both the spam blocker and the user's mistrust.
As such, you should never trust an email based on the address alone. Just because it's from "onmicrosoft.com" or "gmail.com" doesn't mean it's actually from Microsoft, Google, or a legitimate organization that uses either service.
Always keep an eye on the small details and double-check everything to ensure that the sender is legitimate. Phishing attacks are getting pretty advanced in recent years, so it's vital to keep your wits about you and catch them before they catch you.
Scammers are Spreading the Net Wide for Phishing Attacks
As the world moves more toward using cloud-based services, so too do the scammers. Cybercriminals use legitimate domains to launch their vast phishing campaigns, so be sure to give every email a once-over before clicking on links and attachments.
Even if you do fall for a phishing attack, it's not the end of the world. As long as you act fast and change your passwords before the hackers get in, you can protect yourself even after falling into a trap.
Image Credit: MicroOne/Shutterstock.com