Security News > 2021 > April > How phishing attacks spoofing Microsoft are evading security detection

The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky.
In a recent campaign discovered by email security provider Inky, attackers impersonating Microsoft are using a devious method to spoof the software giant's latest logo.
Released on Wednesday, Inky's report "The Microsoft Table Logo Impersonation Scam" describes how this method plays out.
The scam takes advantage of HTML code by incorporating an embedded table that contains a spoofed version of the Microsoft logo.
The spoofed logo looks just like Microsoft's actual logo, so the content is able to pass through security filters and appears legitimate to potential victims.
By using the Microsoft logo, a hidden malicious link, and hexadecimal strings, the email is better able to escape security detection and fool the recipient.
News URL
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft shares workaround for Windows security update issues (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)