Security News > 2020 > December > Phishers bypass Microsoft 365 security controls by spoofing Microsoft.com
2020-12-10 05:30
A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by Ironscales.
Spoofed the sender's domain to make it look like the email comes from Microsoft.
Used a relatively new Microsoft 365 capability as a pretext to trick users into following the offered link.
The link takes users to a fake login page that "Asks" for Microsoft 365 login credentials.
The phishing campaign has been aimed at Microsoft 365 enterprise users within various verticals.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/yfHKAhDVAw4/
Related news
- Phishers send corrupted documents to bypass email security (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- ‘Sneaky Log’ Microsoft Spoofing Scheme Sidesteps Two-Factor Security (source)