New Microsoft Scam Emails Bring Brand Impersonation Risk into Focus

August 27, 2021

A fresh batch of Microsoft scam email is coming to an inbox near you. Cybercriminals love to take advantage of opportunities, and with huge growth in the volume of email that we’re sending every day and people continuing to work remotely in a fresh round of pandemic trouble around the world, they’re looking at several good ones right now. Three audacious new phishing frauds have been making the rounds and they’re circulating through businesses to catch unwary users.  

How Often Will Businesses See a Microsoft Scam? 

What brands do bad actors choose to imitate the most? The smart money is always on brands that businesses trust and brands that employees interact with regularly, especially if it’s the kind of company that sends frequent routine updates. The list of the most imitated brands of 2020 clearly illustrates the social engineering effort that goes into brand impersonation, and Microsoft is the king of the castle. 

Most Spoofed or Impersonated Brands

  • Microsoft (45%) 
  • DHL (18%) 
  • LinkedIn (6%) 
  • Amazon (5%) 
  • Rakuten (4%) 
  • Ikea (3%) 
  • Google (2%) 
  • PayPal (2%) 
  • Chase (2%) 
  • Yahoo (1%) 

Why Are Bad Actors Running So Many Brand Impersonation Scams? 

Brand impersonation is one of the oldest tricks in the book but it’s still a go-to for cybercriminals because it tends to be effective. An estimated 306.4 billion emails were sent and received each day in 2020, triple the average increase of past years. That figure is expected to continue to grow steadily as companies continue to grapple with the implications of the ongoing pandemic and virus variants that could lead to long-term remote work becoming the norm. If email volume continues to trend the way that experts expect, it is estimated to reach over 376.4 billion daily messages by 2025.   

The fact that employees are handling more email has given bad actors an unprecedented chance to score using tactics like a Microsoft scam. Brand impersonation fraud and spoofing attacks are especially dangerous because they have a built-in social engineering advantage. Most of us receive so many emails from companies and service providers that we deal with in the course of business every day that receiving one more is a routine matter. That’s exactly why this style of attack is so dangerous, and phishing-related data breaches in the first half of 2021 have increased by an eye-popping 80%.

What Microsoft Scam Should I Be Looking Out For? 

Three major Microsoft scams are circulating right now, and one deserves extra scrutiny because it bypasses Microsoft’s secure email gateway (SEG). 

Renewal Reminder Danger

A new Microsoft scam that is gliding through Microsoft’s SEG is a phishing email masquerading as a simple, routine renewal reminder. This is not an uncommon tactic, but researchers have noted that this one puts a slightly different spin on the theme with messages like “Business Basic is expired.” The victim is then directed to a fake “service portal” link to enter their credentials, which are promptly stolen. The criminals finish this one up neatly by sending victims on to a legitimate Microsoft Office page, doubling down on the believability factor. This scam uses multiple social engineering tactics to manipulate employee behavior: fear of something important getting overlooked, fear of getting in trouble for something, and the basic disguise of a familiar brand that would plausibly send emails on this theme.  

The Old “We Have Money for You” Fraud

Another phishing campaign is running a 2 for 1 special on brand impersonation. Bad actors are leveraging the brand reputation of Microsoft and a big business bank like Wells Fargo to get the job done. In this Microsoft scam, the victims receive a fake notice, detailing the steps that the victim needs to take to receive a wire transfer of money owed to their organization by Microsoft. Couched as a warning from the relevant bank that the transfer will soon expire if they don’t update relevant information to receive it, the email then directs the victim to a fake Microsoft login page that snatches their credentials. This is a variation on a classic phishing scam that uses social engineering tricks like a deadline and the fear of missing out on money that you’re owed to spur the hapless victim to act. 

Surprise Sneaky Password Stealing

In a detailed blog post, Microsoft announced that a carefully crafted spear-phishing campaign has been targeting Office 365 customers intermittently since July 2020. This ongoing Microsoft scam lures targets into handing over their Office 365 credentials using highly authentic-looking attachments. This campaign’s primary goal is to scoop up valuable data like usernames, passwords or other information about businesses like IP addresses and locations to create a viable entry point for infiltration down the road. The attackers have been careful to adjust their coding and replicate safe attachments down to the smallest detail in order to pull this one off.  

What Best Practices Can Help Businesses Avoid a Microsoft Scam? 

Making sure that everyone is handling email safely with a healthy dose of caution is paramount to defending businesses against slippery phishing scams like these. Our infographic “The Safe Path to Email Security” can help get everyone on the same page to follow email best practices. 

Don’t Get Caught by a Microsoft Scam by Using Email Handling Best Practices

  • Check the domain of the sender’s address to confirm that the sender is using a real corporate email address for the company listed. Never trust a message whose sender domain is a little bit off, like “microsoftcorporate.com” instead of “microsoft.com”.  
  • Always look for discrepancies between the suspicious message and a legitimate email from that company by comparing the layout, font and color palette. The header and footer may also contain clues that something is wrong. 
  • Carefully note spelling, grammar and word usage mistakes. It’s extremely rare for a corporation to send out a legitimate message that’s full of weird word choices, awkward phrasing and misspellings. Also be certain that any logos used match the real ones.  
  • Be extremely cautious about downloading an attachment, even if it looks like a legitimate invitation to get an invoice or a spreadsheet – 48% of malicious attachments are disguised as Office files. 
  • Never take a chance on an email that seems off. Employees can quickly call for backup and isolate a suspicious message to prevent others from opening it using a tool like Phish911. It is always better to be safe than sorry.  
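As an added example (not code from the article or from Graphus), here is a small Python check that applies the first bullet above: it pulls the sender’s domain out of a From: header and flags the message when the display name or the domain references a brand but the address is not from one of that brand’s real domains. The brand-to-domain allowlist and the sample headers are constructed for illustration.

```python
# Added example: flag lookalike sender domains in a From: header.
# The allowlist below is a constructed assumption, not a complete list of
# the domains these brands actually send from.
from email.utils import parseaddr

BRAND_DOMAINS = {
    "microsoft": {"microsoft.com", "microsoftonline.com"},
    "wells fargo": {"wellsfargo.com"},
}


def sender_domain(from_header: str) -> str:
    """Return the lowercase domain of the address in a From: header ('' if none)."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def is_brand_domain(domain: str, brand: str) -> bool:
    """True if domain equals, or is a subdomain of, one of the brand's real domains.
    A plain substring match would wrongly accept 'microsoftcorporate.com'."""
    return any(domain == real or domain.endswith("." + real)
               for real in BRAND_DOMAINS[brand])


def check_sender(from_header: str) -> list[str]:
    """Return findings for the sender; an empty list means nothing looked off."""
    display, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return ["no sender address"]
    findings = []
    for brand in BRAND_DOMAINS:
        token = brand.replace(" ", "")
        # The message "claims" the brand if the display name or the domain mentions it.
        claims_brand = brand in display.lower() or token in domain
        if claims_brand and not is_brand_domain(domain, brand):
            findings.append(f"'{brand}' referenced but sender domain is {domain}")
    return findings


if __name__ == "__main__":
    # Constructed sample headers in the style of the lures described above.
    for hdr in ["Microsoft Account Team <renewals@microsoftcorporate.com>",
                "Microsoft <noreply@account.microsoft.com>",
                "Wells Fargo Alerts <alerts@wellsfargo-transfer.net>"]:
        print(hdr, "->", check_sender(hdr) or "ok")
```

Legitimate third parties that mention a brand in their display name will also be flagged, so treat a finding as a reason to quarantine for review rather than as proof of fraud.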

Some companies that are commonly spoofed and impersonated have created resources that can help users determine if a message is the real deal. Microsoft is well aware that it is the most imitated brand in the world. To combat that the company has made resources available for anyone to use when determining the authenticity of communications. 

How Can I Guard Against a Microsoft Scam? 

As always, the best way to defend against a potential phishing disaster like a Microsoft scam is to prevent phishing messages from slipping into an employee inbox unnoticed. Why not have that taken care of automatically?

When you’ve got Graphus on the job, you also have peace of mind that you’ve got the smart, AI-powered defender that you need in place to prevent cybercriminals from hurting your business with an innovative scam. Graphus reliably defends your business from data breach risks like phishing 24/7/365 with three powerful protective shields and security automation that stops 40% more phishing messages than the competition. 

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention. 
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.   
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review.

Addressing the dangers of phishing is imperative for today’s businesses. One of the best ways to do that is to prevent dangerous hazards like a Microsoft scam email from reaching your employees undetected with Graphus. Schedule a demo today. 