Security News > 2021 > December > How a phishing campaign is able to exploit Microsoft Outlook

A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook.
To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person.
Because Microsoft doesn't require verification before updating a user's image in an email, all of the necessary, genuine Active Directory contact details appear, even when the message fails SPF.
Finally, an article from Microsoft partner CodeTwo explains how to prevent internal email spoofing in an organization that uses Exchange.
How phishing attacks spoofing Microsoft are evading security detection.
How to report a phishing or spam email to Microsoft.