Security News > 2020 > December > Phishers bypass Microsoft 365 security controls by spoofing Microsoft.com
A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by Ironscales.
Spoofed the sender's domain to make it look like the email comes from Microsoft.
Used a relatively new Microsoft 365 capability as a pretext to trick users into following the offered link.
The link takes users to a fake login page that "Asks" for Microsoft 365 login credentials.
The phishing campaign has been aimed at Microsoft 365 enterprise users within various verticals.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/yfHKAhDVAw4/
Related news
- Phishers send corrupted documents to bypass email security (source)
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)
- North Korean hackers create Flutter apps to bypass macOS security (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft Ignite 2024 Unveils Groundbreaking AI, Security, and Teams Innovations (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces new and improved Windows 11 security features (source)
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)