in ,

Microsoft issues a warning about sophisticated scammers targeting Office 365 users in a new phishing operation.

Microsoft-Office-365-phishing-attack

According to a warning provided by the Microsoft Security Intelligence (MSI) team via Twitter, Office 365 users are now in the crosshairs of hackers in a new phishing effort. To get through email filters, malicious actors are using email addresses that appear to be real and display names that look like legitimate services.

Cybercriminals are going above and beyond to deploy detection-evasion tactics that are alarmingly plausible and authentic-looking, according to Microsoft.

The MSI team discovered a new email phishing campaign that it describes as “crafty.”

An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters

MSI explained on Twitter

The false phishing campaign is aimed at Office 365 users who frequently share attachments to coworkers. MSI discovered phishing emails that appeared to be coming from a reliable source. Many of the emails contained phony Microsoft SharePoint attachments labeled “Price Books,” “Bonuses,” and “Staff Reports,” among other things.

The phishing emails employ a technique known as “typosquatting,” which is registering intentionally misspelled domains that appear to be similar to a well-known brand at first glance. The minor error would go unnoticed by most quick readers.

If users fall for the hook and click the “Open” link, they will be directed to a website where they will be asked to enter their Microsoft or Google credentials. These sign-on pages, according to MSI, are incredibly convincing, leading visitors to assume that they are on a secure path to a real website.

Leave a Reply

Your email address will not be published.

microsoft-windows-365-rent-month

Microsoft Windows 365 cloud PCs ready to rent for as little as $20 per month.

Google-Amazon-Microsoft-cloud-market

Amazon, Microsoft, and Google own 63 percent of the $42 billion cloud infrastructure industry.