Office 365 users targeted in new phishing attack — Microsoft issues warning about crafty cybercriminals – Laptop Mag

Office 365 users are now in cybercriminals’ crosshairs in a new phishing campaign, according to a warning the Microsoft Security Intelligence (MSI) team issued via Twitter. Malicious actors are using email addresses that appear to be legitimate with display names that mimic bona fide services to dodge email filters.

Microsoft cautioned that cybercriminals are going above and beyond to use detection-evasion techniques that are worryingly convincing and authentic-looking.

Microsoft warns Office 365 users of “crafty” new phishing campaign

The MSI team discovered a new email phishing campaign that it describes as “crafty.”

“An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters,” MSI explained on Twitter.

The deceptive phishing campaign targets Office 365 organizations with employees who often send attachments to co-workers. MSI found phishing emails that seemed as if they were sent from a trusted source. Many of these emails contained faux Microsoft SharePoint attachments with labels such as “Price Books,” “Bonuses” and “Staff Reports.”


The phishing emails use a tactic called “typosquatting,” which involves registering deliberately misspelled domains that, at first glance, look close to a well-known brand. Most quick readers would overlook the subtle typo.
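The signals MSI describes can be checked mechanically on incoming mail. The sketch below is an added example, not code from Microsoft or the original article; it assumes the Return-Path header reflects the original sender, and the service list, the two-edit threshold and all `.example` domains are placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: service keyword -> domains treated as genuine (placeholder .example names).
SERVICES = {"sharepoint": {"sharepoint.example"}}
GENUINE = set().union(*SERVICES.values())

def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def findings(raw, recipient_domain):
    """Return sorted heuristic flags for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    # Return-Path records the envelope sender; fall back to From if it is absent.
    env_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1]) or from_dom
    flags = set()
    # Display name borrows a service name, but the mail does not come from that service.
    if any(k in name.lower() and env_dom not in d for k, d in SERVICES.items()):
        flags.add("display-name-mimics-service")
    # Visible From claims the recipient's own domain while the envelope sender is external.
    if from_dom == recipient_domain and env_dom != recipient_domain:
        flags.add("from-claims-recipient-domain")
    # A sending domain one or two edits away from a genuine one suggests typosquatting.
    for dom in {env_dom, from_dom} - GENUINE:
        if dom and any(edit_distance(dom, g) <= 2 for g in GENUINE):
            flags.add("lookalike-domain")
    return sorted(flags)

# Constructed sample messages, not taken from the campaign.
PHISH = ("Return-Path: <notify@sharepolnt.example>\n"
         'From: "SharePoint Staff Reports" <alice@contoso.example>\n'
         "To: alice@contoso.example\nSubject: Staff Reports\n\nOpen\n")
BENIGN = ("Return-Path: <bob@contoso.example>\n"
          'From: "Bob" <bob@contoso.example>\n'
          "To: alice@contoso.example\nSubject: Lunch\n\nNoon?\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, findings(raw, "contoso.example"))
```

These flags are triage hints to combine with SPF, DKIM and DMARC results; none of them is a verdict on its own.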

If users fall for the bait and click on the “Open” link, it will lead them to a page that lures them to type in their Microsoft or Google credentials. According to MSI, these sign-on pages look very convincing, making users believe that they’re on a trustworthy path to a legitimate website.

MSI kept emphasizing how authentic these phishing emails looked. As such, employers may not be able to rely on their employees’ good judgment to identify suspicious-looking emails. That’s why MSI shamelessly plugged its Microsoft Defender for Office 365 program as a solution, adding that this software “detects and blocks” these emails.

Phishing attacks are a huge thorn in the side for many popular companies like Netflix and PayPal, but the Redmond-based tech giant should be particularly concerned. According to a CheckPoint Research study, Microsoft topped the list as being the most imitated brand for phishing attacks.
