Security News > 2021 > December > How a phishing campaign is able to exploit Microsoft Outlook
2021-12-09 15:52
A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook.
To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person.
Since Microsoft doesn't require verification before updating a user's image in an email, all the necessary and actual Active Directory contact details appear, even with an SPF fail.
Finally, this article from Microsoft partner CodeTwo explains how to prevent internal email spoofing in an organization that uses Exchange.
How phishing attacks spoofing Microsoft are evading security detection.
How to report a phishing or spam email to Microsoft.
News URL
Related news
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft fixes bug causing Outlook freezes when copying text (source)
- Microsoft fixes bug causing Outlook to freeze when copying text (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Microsoft shares temp fix for Outlook crashing when writing emails (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)