Security News > 2021 > December > How a phishing campaign is able to exploit Microsoft Outlook
2021-12-09 15:52
A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook.
To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person.
Since Microsoft doesn't require verification before updating a user's image in an email, all the necessary and actual Active Directory contact details appear, even with an SPF fail.
Finally, this article from Microsoft partner CodeTwo explains how to prevent internal email spoofing in an organization that uses Exchange.
How phishing attacks spoofing Microsoft are evading security detection.
How to report a phishing or spam email to Microsoft.
News URL
Related news
- Microsoft fixes Outlook email sending issue for users with many folders (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft Outlook bug blocks email logins, causes app crashes (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Microsoft Outlook workaround fixes freezes when copying text (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)