Security News > 2021 > April > How phishing attacks spoofing Microsoft are evading security detection
The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky.
In a recent campaign discovered by email security provider Inky, attackers impersonating Microsoft are using a devious method to spoof the software giant's latest logo.
Released on Wednesday, Inky's report "The Microsoft Table Logo Impersonation Scam" describes how this method plays out.
The scam takes advantage of HTML code by incorporating an embedded table that contains a spoofed version of the Microsoft logo.
The spoofed logo looks just like Microsoft's actual logo, so the content is able to pass through security filters and appears legitimate to potential victims.
By using the Microsoft logo, a hidden malicious link, and hexadecimal strings, the email is better able to escape security detection and fool the recipient.
News URL
Related news
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Week in review: Chrome sandbox escape 0-day fixed, Microsoft adds new AI agents to Security Copilot (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- April 2025 Patch Tuesday forecast: More AI security introduced by Microsoft (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)