Microsoft: The brand attackers love to imitate

What Cisco Talos researches found was that the most frequently imitated brand worldwide by cybercriminals was by far Microsoft, followed by DocuSign and Amazon in second and third place. PayPal, Adobe, and Instagram also rank in the top 10, along with Nortonlifelock, Chase, Geek Squad, and Home Depot, according to Cisco Talos.

The illegal use of brand names is relatively easy, according to the researchers. For example, attackers insert the trademarks directly into the HTML source code of the email. To make detection more difficult, cybercriminals also encode this email using base64. Another method is to retrieve the logo from a remote server when requested by the email program. In this scenario, the URI (Uniform Resource Identifier) ​​of the resource is embedded in the HTML source code of the email. Alternatively, the attackers provide a logo — base64 encoded — as an attachment, which is displayed by email clients when referenced in the HTML source to persuade potential victims to reveal their login details and other sensitive information.

The attackers’ perfidious goal: By making the email about the brand name appear to come from a trustworthy company, recipients are less likely to doubt the message’s authenticity. For example, the fraudsters pose as technical support employees of a company that is supposedly acting on behalf of the company whose brand is being exploited. The email requests the victim’s login credentials, for example, and thus gains access to the relevant accounts.