Security News > 2020 > December > Phishers bypass Microsoft 365 security controls by spoofing Microsoft.com
2020-12-10 05:30
A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by Ironscales.
Spoofed the sender's domain to make it look like the email comes from Microsoft.
Used a relatively new Microsoft 365 capability as a pretext to trick users into following the offered link.
The link takes users to a fake login page that "Asks" for Microsoft 365 login credentials.
The phishing campaign has been aimed at Microsoft 365 enterprise users within various verticals.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/yfHKAhDVAw4/
Related news
- Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners (source)
- Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
- AI agents swarm Microsoft Security Copilot (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- New Windows 11 trick lets you bypass Microsoft Account requirement (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)