The third quarter (Q3) results are in. Microsoft ranks number one for their star role in appearing in brand phishing attempts. It may not be a surprise, but it is important to note in quarter two (Q2), Microsoft was in fifth place.

The increase in remote workers plays a huge part in this outcome. As it is known, employees are still working from home. Although some may have made their way back to the office, most employees were in their home offices from July to September. Threat actors take advantage of societal trends and current events. They are professionals at aiming their phishing campaigns to target those whom they know will fall victim to their attack. Their fake emails indicate the victim to reset their Microsoft 365 credentials.

Providing threat actors with personal identifiable information (PII) or sensitive information allows them access to confidential material. In their attacks, threat actors do well at imitating big name brands by using similar domain name or URL and web-page designs. As a result, victims are then sent to a made-up site or login where credentials are obtained and compromised.

Microsoft was heavily leveraged in Q3 through branded emailing and web phishing attacks. These types of attacks are programmed to continue into 2021. It has been advised to pay close attention to each and every email received. Malicious links and/or attachments are bound to be in threat actors’ color palette of future attacks. Since Microsoft is widely used, it is the easiest for threat actors to create and deploy attacks using their name, colors and brand language.

SpearTip has seen a multitude of cyberattacks from this technique. SpearTip’s ShadowSpear® Platform prevents cyberattacks like this targeting the weakest link—the human. Implementing and instilling Office 365 and Exchange monitoring throughout your environment as well as endpoint detection and response allows our partners to stop these attacks before they ever start. Security engineers are available 24/7/365 days a year and able to immediately identify and counter the attack appropriately.

SpearTip’s 24/7 Security Operations Center (SOC) has eyes on all variations of cyberattacks. The SOC is made up of cybersecurity professionals to monitor and protect your environment. Not only are our cybersecurity teammates continuously preventing cyberattacks, but also able to deploy our proprietary tool, ShadowSpear® in an environment before or after an attack. Visit to learn more about our services and our ShadowSpear® Platform.