Why Scammers Use Microsoft and Google Services

Proofpoint raised the alarm over malicious agents abusing legitimate services to carry out phishing attacks. The organization claims that scammers use “Office 365, Azure, OneDrive, SharePoint, G-Suite, and Firebase storage” as their main operation platforms.

The figures Proofpoint report on are staggering:

Proofpoint claims that these phishing campaigns outdid all botnets in 2020, which shows just how much phishing is going on.

In Q1 2021, we observed seven million malicious messages from Microsoft Office 365 and 45 million malicious messages from Google infrastructure, which far exceed per quarter Google-based attacks in 2020.

So, why are scammers using Microsoft and Google services? The answer lies in making the phishing email as convincing as possible.

Modern-day email providers have automatic spam filtering set up, and any suspicious-looking mail is whisked away to the spam folder the moment it arrives. Even if it does make it into the inbox, it has to convince the victim to click on malicious links or attachments.

That’s why scammers gravitate toward official services. With a proper-looking email address, they have a far better chance of getting through both the spam blocker and the user’s mistrust.

As such, you should never trust an email based on the address alone. Just because it’s from “onmicrosoft.com” or “gmail.com” doesn’t mean it’s actually from Microsoft, Google, or a legitimate organization that uses either service.

Always keep an eye on the small details and double-check everything to ensure that the sender is legitimate. Phishing attacks are getting pretty advanced in recent years, so it’s vital to keep your wits about you and catch them before they catch you.

Scammers are Spreading the Net Wide for Phishing Attacks

As the world moves more toward using cloud-based services, so too do the scammers. Cybercriminals use legitimate domains to launch their vast phishing campaigns, so be sure to give every email a once-over before clicking on links and attachments.

Even if you do fall for a phishing attack, it’s not the end of the world. As long as you act fast and change your passwords before the hackers get in, you can protect yourself even after falling into a trap.

Image Credit: MicroOne/Shutterstock.com