Security News > 2020 > December > Phishers bypass Microsoft 365 security controls by spoofing Microsoft.com

Phishers bypass Microsoft 365 security controls by spoofing Microsoft.com
2020-12-10 05:30

A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by Ironscales.

Spoofed the sender's domain to make it look like the email comes from Microsoft.

Used a relatively new Microsoft 365 capability as a pretext to trick users into following the offered link.

The link takes users to a fake login page that "Asks" for Microsoft 365 login credentials.

The phishing campaign has been aimed at Microsoft 365 enterprise users within various verticals.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/yfHKAhDVAw4/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400