New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic

5 years ago David Bisson

Security researchers detected a new spear-phishing attack that’s using an exact domain spoofing tactic in order to impersonate Microsoft.

On December 7, IRONSCALES revealed that it had spotted the campaign targeting Office 365 users. Those users primarily worked in the financial services, healthcare, insurance, manufacturing, utilities and telecom industries.

The email security provider took a deep dive into the campaign and found that it was using an exact domain spoofing technique. This means that the campaign’s attack emails used a fraudulent domain that was an exact match to the spoofed entity’s domain.

For the attack, malicious actors disguised the attack emails so that they appeared to have originated from “Microsoft Outlook” at the email no-reply@microsoft[dot]com.

A screenshot of one of the attack emails. (Source: IRONSCALES)

Those emails used the lure of quarantined messages to trick recipients into clicking on a malicious link. If they complied, the campaign redirected the recipients to a fake login page designed to steal their Office 365 credentials.

Notwithstanding their spoofing techniques, the attack emails failed their Sender Policy Framework (SPF) check. Even so, the messages were able to bypass the email gateway and land in users’ inboxes.

IRONSCALES investigated this issue and arrived at an explanation. As quoted in its blog post:

Our research found that Microsoft servers are not currently enforcing the DMARC protocol, meaning these exact domain spoofing messages are not being rejected by gateway controls, such as Office 365 EOP and ATP…. It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure. 
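The gap described above (an exact-domain From: address that fails SPF yet is still delivered) can be closed with a local check on the verdicts the receiving gateway records. The following is an added example, not code from IRONSCALES or Microsoft; the authserv-id `mx.example.org`, the protected-domain list and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email.utils import parseaddr

PROTECTED_DOMAINS = {"microsoft.com"}   # exact From: domains to enforce on
TRUSTED_AUTHSERV = "mx.example.org"     # assumed: your own gateway's authserv-id

def trusted_results(msg):
    """Collect spf/dkim/dmarc verdicts, only from headers our gateway added."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, body = str(header).partition(";")
        if authserv.split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # a sender can inject its own header claiming "pass"
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", body, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def classify(raw_message):
    """Return 'deliver', 'quarantine', 'review' or 'not-protected'."""
    msg = email.message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain not in PROTECTED_DOMAINS:
        return "not-protected"
    verdicts = trusted_results(msg)
    if verdicts.get("dmarc") == "pass":
        return "deliver"
    if verdicts.get("dmarc") == "fail" or verdicts.get("spf") in {"fail", "softfail"}:
        return "quarantine"   # exact-domain From: that failed authentication
    return "review"           # no trusted verdict recorded at all

# Constructed sample messages (headers only), not taken from the campaign.
SPOOFED = (
    "Authentication-Results: attacker.invalid; spf=pass; dmarc=pass\n"
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=microsoft.com;\n"
    " dkim=none; dmarc=fail header.from=microsoft.com\n"
    'From: "Microsoft Outlook" <no-reply@microsoft.com>\n'
    "Subject: constructed sample\n\nbody\n"
)
LEGITIMATE = SPOOFED.replace("spf=fail", "spf=pass").replace("dmarc=fail", "dmarc=pass")
UNVERIFIED = SPOOFED.split("\n", 1)[1].replace("mx.example.org", "other.invalid")

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("legitimate", LEGITIMATE), ("unverified", UNVERIFIED)]:
        print(name, classify(raw))
```

Only headers stamped by the receiving gateway are trusted, so a "pass" verdict injected upstream of it does not change the outcome.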

News of this campaign highlights the need for organizations to defend themselves against phishing attacks. One of the ways they can do this is by educating their workforce about some of the most common types of phishing attacks and techniques that are in circulation today. This resource is a good place to start.

The post “New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic” appeared first on TripWire

Source:TripWire – David Bisson
