Security News > 2021 > March > Microsoft: Ongoing, Expanding Campaign Bypassing Phishing Protections

Microsoft: Ongoing, Expanding Campaign Bypassing Phishing Protections
2021-03-24 17:12

A phishing email campaign detailed earlier this month is expanding with the use of additional email services to hide malicious intent, according to a warning from software giant Microsoft.

At the time, the researchers revealed that the adversary behind the campaign was leveraging trusted domains to ensure that phishing emails successfully bypass email protections.

Now, Microsoft says that the phishing messages are relying on compromised accounts on email marketing services and leverage configuration settings to bypass phishing protections that organizations might have in place.

"The attackers abuse another legitimate service to further mask the malicious intent of their phishing emails. To evade domain reputation-based solutions, they use Appspot to create multiple unique phishing URLs per recipient," the tech giant added.

Some of the phishing emails used in these attacks masquerade as notifications from video conferencing services, while recent attacks spoof security solutions and productivity tools, Microsoft reveals.

"Because this campaign uses compromised email marketing accounts, we strongly recommend orgs to review mail flow rules for broad exceptions that may be letting phishing emails through," the company concludes.

News URL