






















Do not login here.
Anadolu via Getty Images
Delete your passwords, Microsoft warns its billion-plus users, all of whom should move fully to passkeys. If a password remains on your account, it says, that account remains vulnerable to attack and can be hijacked. As with stolen Apple and Google credentials, Microsoft’s are prized for all the services they unlock.
Little surprise then that Checkpoint has just warned “in Q1 2026, Microsoft continued to be the most impersonated brand in phishing attacks, accounting for 22% of all brand impersonation attempts.” The firm says “the results reinforce a long‑standing trend: attackers consistently exploit highly trusted brands to steal credentials and gain initial access to personal and enterprise environments.”
ForbesYour iPhone Blocks Screenshots Of ‘View Once’ Images—Your Mac Does NotBy Zak Doffman
Checkpoint has flagged a “malicious” new attack, impersonating “Microsoft’s legitimate authentication service” to present users with “a Microsoft‑branded login page.” The URL that directs to the login is designed to trick users into thinking it’s a normal Microsoft site, and the login looks exactly as you would expect.
“The brand name is embedded within a subdomain of an unrelated parent domain, aiming to trick users who do not closely inspect the full URL,” Checkpoint says.
If you enter your email address into the login, the “authentication flow”will send a verification code which redirects “to a non‑functional login screen.” That’s because it’s designed only to harvest your email and password details.
MORE FOR YOU
This Microsoft login is a dangerous fake.
Checkpoint
If you see the login pages pictured here, get out of there as fast as you can. If you have entered any details, then change passwords immediately. If you don’t have a passkey and a non-SMS form of multi-factor authentication on your Microsoft account — or any other account you entered, then fix that immediately as well.
In the quarter, Checkpoint says “Apple climbed to second place with 11%, reflecting attackers’ increasing focus on consumer ecosystems tied to payments, identity, and personal devices. Google was in third place at 9%, while Amazon ranked fourth with 7%.” These are the brands most likely to be hijacked in email attacks.
ForbesApple Changes iPhone After 15 Years—Why You Should ‘Stop Texting’By Zak Doffman
Those four brands alone “accounted for nearly 50% of all observed phishing attempts" in the last quarter, which Checkpoint says "underscores the strong concentration around a small number of globally recognized platforms.”
If you delete passwords on your accounts and switch to passkeys, you don’t have to worry about your guard slipping and falling for one of these attacks. But if you have not yet done that, if your account is secured by just a user name and password and maybe an SMS security code, you are now in those attackers’ crosshairs.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。