Security News > 2021 > April > How phishing attacks spoofing Microsoft are evading security detection
The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky.
In a recent campaign discovered by email security provider Inky, attackers impersonating Microsoft are using a devious method to spoof the software giant's latest logo.
Released on Wednesday, Inky's report "The Microsoft Table Logo Impersonation Scam" describes how this method plays out.
The scam takes advantage of HTML code by incorporating an embedded table that contains a spoofed version of the Microsoft logo.
The spoofed logo looks just like Microsoft's actual logo, so the content is able to pass through security filters and appears legitimate to potential victims.
By using the Microsoft logo, a hidden malicious link, and hexadecimal strings, the email is better able to escape security detection and fool the recipient.
News URL
Related news
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Novel phishing campaign uses corrupted Word documents to evade security (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- Update your OpenWrt router! Security issue made supply chain attack possible (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)