Security News > 2021 > April > How phishing attacks spoofing Microsoft are evading security detection
The phishing emails use a Microsoft logo within an HTML table, which is not analyzed by security programs, says Inky.
In a recent campaign discovered by email security provider Inky, attackers impersonating Microsoft are using a devious method to spoof the software giant's latest logo.
Released on Wednesday, Inky's report "The Microsoft Table Logo Impersonation Scam" describes how this method plays out.
The scam takes advantage of HTML code by incorporating an embedded table that contains a spoofed version of the Microsoft logo.
The spoofed logo looks just like Microsoft's actual logo, so the content is able to pass through security filters and appears legitimate to potential victims.
By using the Microsoft logo, a hidden malicious link, and hexadecimal strings, the email is better able to escape security detection and fool the recipient.
News URL
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Balancing usability and security in the fight against identity-based attacks (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)