That Might Look Like Microsoft… But Is It?

Michael Tunstall

August 2, 2025

When an email lands in your inbox from Microsoft, chances are you open it without a second thought. It’s Microsoft, after all – one of the most trusted tech names out there.

But here’s the problem: Cyber criminals know that too.

And they’re using it to their advantage.

In fact, Microsoft is now the most impersonated brand in phishing attacks. Recent research shows that a staggering 36% of all brand-related phishing scams in early 2025 pretended to be from Microsoft.

That’s more than one in three.

Google and Apple followed closely behind – with those three tech giants making up over half of all phishing attempts. So, what’s going on?

First Things First: What Is Phishing?

Phishing is a type of cyber attack where criminals pose as trusted organisations – like Microsoft – to trick you into taking harmful actions.

That could mean:

  • Clicking a malicious link

  • Downloading a dangerous file

  • Entering sensitive data like passwords or payment details

Once they have what they want, the fallout can be huge: Data breaches, financial loss, stolen identities – and massive headaches for your business.

These Emails Look Legit – But They're Not

Phishing has come a long way from the obvious typos and dodgy grammar.

Modern scams use real branding, cloned websites, and even spoofed email addresses to appear genuine. A phishing email might look identical to one from Microsoft, right down to the layout and logo.

Even Mastercard is now seeing an uptick in brand impersonation scams – with fake payment pages designed to capture card details.

It’s sophisticated. It’s sneaky. And it’s on the rise.

How to Spot a Fake

So, how do you know if that “urgent account alert” from Microsoft is real or not?

Here are a few key red flags:

  • Urgency or threats – Real companies don’t say things like “Act now or lose access”

  • Dodgy domains – Double-check the sender’s address. Look closely: is it micros0ft.com instead of microsoft.com?

  • Suspicious links – If in doubt, don’t click. Go directly to the company’s website by typing it in yourself.

A moment of caution could save your business from a major security breach.
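The "dodgy domains" check can also be automated. The sketch below is an added example, not part of the original post: it flags sender domains that imitate a trusted one, whether by character swaps (micros0ft.com), a one-letter typo, or the brand name buried in another domain. The allow-list, function names and sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumed allow-list: extend with every domain the brand really sends from.
TRUSTED = {"microsoft.com"}
# Common look-alike substitutions (multi-letter tricks and digit/letter swaps).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def skeleton(domain):
    """Collapse look-alike characters so micros0ft.com reads as microsoft.com."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos such as microsft.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From: header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if not domain:
        return "unknown"
    # Naive registrable domain: last two labels (fine for .com, wrong for .co.uk).
    base = ".".join(domain.split(".")[-2:])
    if base in TRUSTED:
        return "trusted"
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        if (skeleton(base) == good or edit_distance(base, good) <= 1
                or brand in skeleton(domain)):
            return "lookalike:" + good
    return "unknown"

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    "Microsoft account team <no-reply@microsoft.com>",
    '"Microsoft Security" <alerts@micros0ft.com>',
    "Support <help@microsoft.com.verify-login.example>",
]
if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), "<-", header)
```

A "trusted" result only means the domain text is spelled correctly. A spoofed From: address can still pass this check, so it complements rather than replaces the SPF, DKIM and DMARC checks your email security tools perform.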

How to Stay Protected

Phishing scams are only getting more convincing. But there are a few steps you can take to stay ahead:

  • Train your team to spot the warning signs

  • Use multi-factor authentication (not just passwords)

  • Deploy email security tools to filter out dangerous messages

  • Stay vigilant, especially with emails from big brands

Don't Let Familiar Names Fool You

The more recognisable a company is, the more likely scammers are to exploit its name. That email from Microsoft? It could be genuine… or it could be your next big problem.

Need help reviewing your security setup or training your team to spot phishing emails? We can help.

Get in touch and let’s strengthen your defences before the next fake email hits.
