Security News > 2020 > December > Phishers bypass Microsoft 365 security controls by spoofing Microsoft.com
A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by Ironscales.
Spoofed the sender's domain to make it look like the email comes from Microsoft.
Used a relatively new Microsoft 365 capability as a pretext to trick users into following the offered link.
The link takes users to a fake login page that "Asks" for Microsoft 365 login credentials.
The phishing campaign has been aimed at Microsoft 365 enterprise users within various verticals.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/yfHKAhDVAw4/
Related news
- Microsoft squashes SmartScreen security bypass bug exploited in the wild (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft fixes Outlook security alerts bug caused by December updates (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft and Security Incentives (source)
- Microsoft releases Exchange hotfixes for security update issues (source)
- Microsoft pulls fix for Outlook bug behind ICS security alerts (source)
- Microsoft cannot keep its own security in order, so what hope for its add-ons customers? (source)