This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Microsoft’s Security Intelligence staff has issued an alert to Office 365 users and administrators to watch out for a sneaky phishing email with fake sender addresses.
Researchers at Microsoft noticed an active campaign targeting Office 365 organizations with cogent emails and several strategies to evade phishing detection, including an Office 365 phishing page, Google cloud web app hosting, and an exploited SharePoint site that entices victims to write in their credentials.
“An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters,” the Microsoft Security Intelligence team said in an update.
“The original sender addresses contain variations of the word “referral” and use various top-level domains, including the domain com[.]com, popularly used by phishing campaigns for spoofing and typo-squatting.”
The fraudsters are using Microsoft SharePoint in the display name to tempt victims to click the link. Researchers identifie
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: Microsoft Warns Office 365 Users of ‘Sneaky’ Phishing Campaign