New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic

6 years ago David Bisson
Security researchers detected a new spear-phishing attack that’s using an exact domain spoofing tactic in order to impersonate Microsoft.

On December 7, IRONSCALES revealed that it had spotted the campaign targeting Office 365 users. Those users primarily worked in the financial services, healthcare, insurance, manufacturing, utilities and telecom industries.

The email security provider took a deep dive into the campaign and found that it was using an exact domain spoofing technique. This means that the campaign’s attack emails used a fraudulent domain that was an exact match to the spoofed entity’s domain.

For the attack, malicious actors disguised the emails so that they appeared to have originated from “Microsoft Outlook” at the email address no-reply@microsoft[dot]com.

A screenshot of one of the attack emails. (Source: IRONSCALES)

Those emails used the lure of quarantined messages to trick recipients into clicking on a malicious link. If they complied, the campaign redirected the recipients to a fake login page designed to steal their Office 365 credentials.

Despite their spoofing techniques, the attack emails failed their Sender Policy Framework (SPF) check. Even so, the messages were able to bypass the email gateway and land in users’ inboxes.

IRONSCALES investigated this issue and arrived at an explanation. As quoted in its blog post:

Our research found that Microsoft servers are not currently enforcing the DMARC protocol, meaning these exact domain spoofing messages are not being rejected by gateway controls, such as Office 365 EOP and ATP…. It remains unknown as to why Microsoft is allowing a spoof of their very own domain against their own email infrastructure. 
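To make the gap concrete, the following added example (not code from IRONSCALES, Microsoft or the original article) evaluates a constructed message shaped like the one described above and returns what a receiving gateway would do with it under each DMARC enforcement setting. The authserv-id `mx.example.net`, the sample headers and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: your own gateway's authserv-id

# Constructed sample (not a captured email): exact From domain, SPF fail, no DKIM.
SAMPLE = """\
Authentication-Results: mx.example.net;
 spf=fail smtp.mailfrom=bounce.example.org;
 dkim=none; dmarc=fail header.from=microsoft.com
From: "Microsoft Outlook" <no-reply@microsoft.com>
To: user@example.net
Subject: Quarantined messages

(body omitted)
"""

def auth_results(msg):
    """Return {method: (result, {prop: value})} from the trusted header only."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        if value.split(";")[0].strip().lower() != TRUSTED_AUTHSERV:
            continue  # ignore headers the sender could have injected
        for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)([^;]*)", value):
            out[m.group(1)] = (m.group(2).lower(),
                               dict(re.findall(r"([\w.]+)=([^\s;]+)", m.group(3))))
    return out

def org_domain(name):
    """Naive organizational domain: last two labels (real checks use the Public Suffix List)."""
    return ".".join(name.rpartition("@")[2].lower().split(".")[-2:])

def aligned(auth_id, from_domain):
    return bool(auth_id) and org_domain(auth_id) == org_domain(from_domain)

def gateway_action(raw, policy):
    """Disposition for `raw` when the gateway applies DMARC `policy` to the From domain."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    res = auth_results(msg)
    spf, spf_p = res.get("spf", ("none", {}))
    dkim, dkim_p = res.get("dkim", ("none", {}))
    passes = ((spf == "pass" and aligned(spf_p.get("smtp.mailfrom", ""), from_domain)) or
              (dkim == "pass" and aligned(dkim_p.get("header.d", ""), from_domain)))
    if passes:
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]
```

With `policy="none"`, which models a gateway that does not enforce DMARC, the spoofed sample is delivered despite the SPF failure; with `"quarantine"` or `"reject"` it is stopped. An SPF pass for an unrelated envelope domain does not help the sender either, because it is not aligned with the visible From domain.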

News of this campaign highlights the need for organizations to defend themselves against phishing attacks. One of the ways they can do this is by educating their workforce about some of the most common types of phishing attacks and techniques that are in circulation today. This resource is a good place to start.

The post “New Microsoft Spear-Phishing Attack Uses Exact Domain Spoofing Tactic” appeared first on TripWire.

Source: TripWire – David Bisson
