Phishing Alert: Is That Really Microsoft in Your Inbox?
Cyber criminals are getting smarter – and your inbox is in their sights.
One of the most common tactics we’re seeing right now is brand impersonation. And the number one brand being faked? Microsoft.
It makes sense. Microsoft is one of the most recognisable names in tech. When an email lands from them, most people don’t think twice about opening it. But that’s exactly what attackers are banking on.
Recent data shows that over a third of all phishing emails in early 2025 pretended to be from Microsoft. Google and Apple followed close behind. Combined, these tech giants account for more than half of all brand-based phishing attempts right now.
So, what exactly is phishing – and how do you protect your business?
What is phishing?
Phishing is a cyber attack disguised as a genuine message from a company you trust. It might come via email, SMS, or even a messaging app. The goal is simple: to get you or your team to click a link, download a file, or hand over login credentials or sensitive information.
Once that happens, the attacker could access your systems, steal data, or lock you out entirely. The consequences? Operational downtime, reputational damage, financial loss – and in some cases, serious regulatory repercussions.
And it’s getting harder to spot.
Phishing scams today don’t come with obvious spelling errors or clumsy graphics. Criminals are mimicking real emails with professional branding, cloned websites, and spoofed email addresses that appear legitimate at first glance. “micros0ft.com” can be surprisingly easy to miss.
We’ve even seen a rise in phishing attacks impersonating Mastercard, where victims are being directed to fake payment portals to enter their card details. It’s all designed to exploit trust and urgency.
How to spot a phishing email
Here’s what to watch for:
- Urgent language – Genuine organisations won’t threaten to lock your account unless you act immediately. That’s a red flag.
- Slightly off email addresses – Always check the domain. A single character out of place can signal that something’s wrong.
- Unexpected attachments or links – Don’t click. Navigate to the official website directly through your browser instead.
Encourage your team to pause, verify, and report anything suspicious. It only takes one mistaken click to cause significant disruption.
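The domain check from the list above can also be automated at the mail gateway or in a reporting tool. The following is an added example, not Orbital10's code: it folds look-alike digits and "rn" back to letters, then compares the sender's domain with a short brand list by edit distance. The brand list, substitution map, function names and sample headers are assumptions constructed for illustration.

```python
import re

# Assumption: the brands to protect are the ones this page names.
BRANDS = ("apple.com", "google.com", "mastercard.com", "microsoft.com")
# Constructed, non-exhaustive map of digits that pass for letters at a glance.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def sender_domain(from_header):
    """Lowercased domain of the address in a From: header, or None."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower().strip(".") if m else None

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(from_header):
    """Return (verdict, brand): 'exact', 'lookalike', 'other' or 'unparseable'."""
    domain = sender_domain(from_header)
    if domain is None:
        return ("unparseable", None)
    labels = domain.split(".")
    # Naive registrable domain: last two labels (assumption: no public suffix list).
    base = ".".join(labels[-2:])
    if base in BRANDS:
        # An exact match only means the name is right. The From: header can still
        # be spoofed; SPF, DKIM and DMARC results decide that, not this check.
        return ("exact", base)
    folded = base.translate(FOLD).replace("rn", "m")
    for brand in BRANDS:
        near = folded == brand or edit_distance(folded, brand) <= 1
        # Brand name parked in a subdomain of an unrelated domain.
        buried = brand.split(".")[0] in labels[:-2]
        if near or buried:
            return ("lookalike", brand)
    return ("other", None)

if __name__ == "__main__":
    # Constructed sample From: header.
    print(classify('"Microsoft Account Team" <security@micros0ft.com>'))
```

A "lookalike" verdict is a reason to quarantine or flag the message for review; an "exact" verdict still needs the usual sender authentication results before the message is trusted.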
Protecting your business
Phishing attacks are constantly evolving – and no organisation is immune. But with the right precautions in place, you can drastically reduce your risk.
At a minimum, we recommend:
- Multi-factor authentication (MFA) – Add an extra layer of protection to user logins.
- Advanced email filtering – Block suspicious messages before they reach inboxes.
- Cyber awareness training – Equip your team with the knowledge to recognise and respond to threats.
- Ongoing monitoring and support – Stay ahead of new attack vectors with a trusted IT partner.
Don’t wait for a breach to take security seriously.
At Orbital10 we help organisations build cyber resilience through practical tools, proven strategies, and expert guidance. Whether you need a full security review or just some advice on phishing awareness, we’re here to help. Get in touch to start the conversation.


