Security News > 2021 > December > How a phishing campaign is able to exploit Microsoft Outlook
2021-12-09 15:52
A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook.
To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person.
Since Microsoft doesn't require verification before updating a user's image in an email, all the necessary and actual Active Directory contact details appear, even with an SPF fail.
Finally, this article from Microsoft partner CodeTwo explains how to prevent internal email spoofing in an organization that uses Exchange.
How phishing attacks spoofing Microsoft are evading security detection.
How to report a phishing or spam email to Microsoft.
News URL
Related news
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Microsoft fixes bug causing Outlook freezes when copying text (source)
- Microsoft fixes bug causing Outlook to freeze when copying text (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)