You get an email from Microsoft and don’t think twice about opening it. After all, it’s Microsoft – big tech company, trusted by millions.
But here’s the thing: that email might not be from Microsoft at all.
Criminals love using trusted brands to trick people. Right now, Microsoft is the most impersonated company in phishing scams. New research shows 36% of brand phishing attacks in early 2025 were pretending to be Microsoft. Google and Apple were next on the list.
What’s phishing again?
It’s when criminals send fake emails that look like they’re from real companies. They want you to click dodgy links, open infected files, or hand over your passwords and bank details.
When it works, it’s bad news: stolen money, hacked systems, leaked customer data. Proper nightmare for any business.
The problem is these fake emails are getting better. Less spelling mistakes, fewer obviously dodgy links. Scammers copy company logos perfectly and build fake websites that look exactly like the real thing. They even make the sender address look genuine.
Recently, researchers found criminals copying Mastercard’s website to steal card details. Shows you how far they’ll go.
So how do you tell if that Microsoft email is real?
Slow down when reading emails. Real companies like Microsoft never rush you with threats like “Click now or your account gets locked.” That’s a red flag.
Check the sender’s email address properly. Looks right at first glance? Look again. Might be “micros0ft.com” instead of “microsoft.com”. These criminals count on you missing the small stuff.
Don’t click links in suspicious emails. If you’re not sure, open your browser and type the company’s website address yourself. Takes 30 seconds and could save you thousands.
Staying protected
Phishing emails are only getting more convincing, so you need to:
Stay alert – especially with urgent-sounding emails. Get decent security software, use two-factor authentication (so even if they get your password, they still can’t get in).
Remember: the bigger the brand name, the more criminals want to copy it. That Microsoft email might look genuine, but it could be trouble.
Training: For as little as £1.50 per month we can offer up to date and relevant online training for your team?
The National Cyber Security Centre are a great resource for free impartial advice: https://www.ncsc.gov.uk/cyberaware/home?%3F
We help North Staffordshire businesses stay protected from phishing and other cyber nasties. If you’d like to chat about keeping your IT secure, get in touch.