Microsoft is the top most impersonated brand in the world, according to a report by Cloudflare. Attackers not only frequently impersonate Microsoft, but they also use Microsoft’s own tools to commit fraud.

Attackers posed as nearly 1,000 different organisations in nearly a billion impersonation attempts against Cloudflare customers.

However, the majority (51.7%) of the time, they posed as one of just 20 organizations, without Microsoft topping the charts, Cloudflare, which handles 20% of the world’s web traffic, said in the report. 

Microsoft is followed by the World Health Organisation, Google, SpaceX and Salesforce respectively.

Generally, attackers primarily impersonate the brands and entities we trust and rely on. In the report titled ‘2023 Email Threat Report’, Cloudflare found that in the Software-as-a-Service (SaaS) category, attackers impersonated Salesforce the most, followed by Notion.so and Box. 

Similarly, in the financial services sector, Mastercard is the mostly impersonated brand. 

In the Asia Pacific (APac) region, India’s State Bank of India (SBI) is the third most impersonated brand, behind LINE and JCB Global.  

Tenable CEO raises red flag on Microsoft’s cybersecurity practices

Earlier this year, an engineer at cybersecurity firm Tenable discovered an issue with the Microsoft Azure platform which enabled an unauthenticated attacker to access cross-tenant applications and sensitive data, such as authentication secrets.

“To give you an idea of how bad this was, our team quickly discovered authentication secrets to a bank. They were so concerned about the seriousness and the ethics of the issue that we immediately notified Microsoft,” Amit Yoran, chairman and CEO, Tenable, wrote in a blog post.

Read more: Microsoft’s Cybersecurity at Big Risk, Tenable CEO Raises Red Flag