Security News > 2021 > December > How a phishing campaign is able to exploit Microsoft Outlook

A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook.
To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person.
Because Microsoft doesn't require verification before updating a user's image in an email, all the necessary, genuine Active Directory contact details appear, even when the message fails SPF.
An article from Microsoft partner CodeTwo explains how to prevent internal email spoofing in an organization that uses Exchange.
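
The condition described above (a message that claims an internal sender yet fails SPF) can be checked from the headers alone. The following is an added example, not code from Avanan, CodeTwo or the original article; the domain `example.com`, the function names and the sample messages are constructed assumptions, and it assumes the receiving gateway writes the topmost `Authentication-Results` header and strips any supplied by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the organization treats as its own.
INTERNAL_DOMAINS = {"example.com"}
SPF_RE = re.compile(r"\bspf=(\w+)", re.IGNORECASE)

def spf_result(msg):
    """Return the spf= verdict from the topmost Authentication-Results header."""
    for value in msg.get_all("Authentication-Results", []):
        match = SPF_RE.search(value)
        if match:
            return match.group(1).lower()
    return None  # no verdict recorded, e.g. mail that never crossed the gateway

def is_suspect_internal_spoof(raw):
    """True when From claims an internal domain but SPF failed or soft-failed."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in INTERNAL_DOMAINS:
        return False
    return spf_result(msg) in {"fail", "softfail"}

# Constructed sample messages (not taken from the campaign).
SPOOFED = (
    "Authentication-Results: mx.example.com;\n"
    " spf=fail smtp.mailfrom=sender.invalid\n"
    "From: Alice Admin <alice@example.com>\n"
    "Subject: Updated payroll form\n\nbody\n"
)
INTERNAL_OK = (
    "Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com\n"
    "From: Alice Admin <alice@example.com>\n"
    "Subject: Minutes\n\nbody\n"
)
EXTERNAL_FAIL = (
    "Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=other.test\n"
    "From: Bob <bob@partner.test>\n"
    "Subject: Hello\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("internal ok", INTERNAL_OK),
                      ("external fail", EXTERNAL_FAIL)]:
        print(name, is_suspect_internal_spoof(raw))
```

A match is a reason to quarantine or banner the message before the mail client resolves the sender against the directory; external senders that fail SPF are left to the normal spam pipeline.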