A large-scale phishing campaign is targeting 200 million Microsoft 365 users around the world, particularly within the financial services, healthcare, insurance, manufacturing, utilities, and telecom sectors, Ironscales researchers report.
The attackers leverage a domain spoofing technique to create emails that appear to come from Microsoft Outlook ([email protected]). These emails attempt to use urgent language to trick people into using a new Microsoft 365 capability that lets account holders reclaim emails accidentally flagged as phishing or spam.
A link within the email promises to redirect readers to a security portal so they can review and act on so-called "quarantine messages" deemed suspicious by the Exchange Online Protection (EOP) filtering stack, researchers explain in a blog post. Victims who click the link will be asked to enter their Microsoft login credentials on a fake authentication page.
While impersonating the exact name and domain of a specific sender is technically more complex than other spoofing attacks, researchers warn this remains a common phishing tactic that even attentive security-savvy employees are likely to overlook if it arrives in their inbox.
"To the naked eye, the most suspicious element of this attack would be the sense of urgency to view the quarantined messages or the unusualness of receiving this type of email solicitation," researchers note.
Organizations keen to mitigate their risk for this type of attack are advised to ensure their defenses are configured for Domain-based Message Authentication, Reporting, and Compliance (D ..
Support the originator by clicking the read the rest link below.
