• Magazine
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
  • PODCASTS
  • Get Featured
    • INTERVIEWS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
  • Advertise with us
Search
Tuesday, January 26, 2021
  • About us
  • Advisory Board
  • Write for CISO MAG
  • Careers
  • Login
  • SUBSCRIBE
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG | Cyber Security Magazine
Cyber Security 2021
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG  - News and Updates| Cyber Security Magazine
  • Magazine
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
    • 8 in 10 Consumers are Concerned to Share their Personal Data to Companies

      How Data Protection Can Replace Network Protection in the WFH Era

      cybersecurity-budget

      A 21st Century Solution to Our Cybersecurity Skills Shortfall

      Artificial Intelligence

      Artificial Intelligence and Cybersecurity: A Double-Edged Sword

      Nissan data breach

      What the Automotive Industry Needs to Learn from Nissan’s Cybersecurity Error

      Phishing Campaign on FINRA

      Five Phishing Baits You Need to Know [INFOGRAPHIC]

  • PODCASTS
  • Get Featured
    • INTERVIEWS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
  • Advertise with us
Home News Microsoft.com Spoofed in Spear Phishing Campaign; Microsoft 365 Users Targeted
  • News
  • Threats

Microsoft.com Spoofed in Spear Phishing Campaign; Microsoft 365 Users Targeted

Ironscales researchers found that over 200 million Microsoft 365 users globally are targeted in an organized spear-phishing campaign. The phishing campaign targeted users in multiple business sectors including financial services, insurance, health care, and manufacturing

By
CISOMAG
-
December 11, 2020
Hackers Target Office 365 Users with SurveyMonkey Phishing Campaign
SHARE

Cybersecurity experts from Ironscales identified an organized spear phishing campaign targeting Microsoft 365 users in multiple business sectors including financial services, insurance, health care, manufacturing, and telecom industries. The researchers claimed that Microsoft failed to block spoofed emails that are sent from Microsoft.com. It is found that over 200 million Microsoft 365 users globally are targeted in this email spoofing campaign. Nearly 50% of phishing emails bypass Microsoft 365 Advanced Threat Protection (ATP).

“This spear phishing campaign is putting companies at high risk since even the savviest employees — those who know how to check sender addresses — are likely to perceive the message as legitimate. To date, almost 100 Ironscales customers with a combined total of a few thousand mailboxes have been targeted by this email spoofing attack,” Ironscales said.

How The Microsoft 365 Spoofing Attack Works

  • Attackers send an email to Microsoft 365 users from a fraudulent domain that is a lookalike of the original brand’s domain.
  • Threat actors then create a realistic email from sender “Microsoft Outlook,” to send malicious links or attachments to the users.
  • Once clicked, users are directed to an imposter login page that asks users to enter their Microsoft 365 login credentials.
  • All the harvested users’ credentials are then exploited by threat actors to perform scams or sell on the dark web.
Image Courtesy: Ironscales

“Specifically, the fraudulent message is composed of urgent and somewhat fear-inducing language intended to convince users to click on what is a malicious link without hesitation. As inferred by the message, the link will redirect users to a security portal in which they can review and act on quarantined messages captured by the Exchange Online Protection (EOP) filtering stack,” Ironscales added.

  • TAGS
  • business sectors
  • Cybercriminals
  • financial services
  • fraudulent login pages
  • health care
  • insurance
  • IRONSCALES
  • Ironscales researchers
  • Malicious links
  • manufacturing
  • MIcrosoft
  • Microsoft 365
  • phishing
  • Phishing attacks
  • spear-phishing campaign
  • spoofed domain
  • spoofing domain
  • threat actors
SHARE
Facebook
Twitter
Previous article4 Times Data Regulators Slapped High Penalties in 2020
Next articleSupply Chain Security Takes Center Stage in Dell’s Latest Offering
CISOMAG
https://cisomag.eccouncil.org/

RELATED ARTICLESMORE FROM AUTHOR

Whatsapp Hack
News

Researcher Finds New Android Malware Spreading Via WhatsApp Messages

Australia’s News Media Bargaining Code
News

What Australia’s “News Media Bargaining Code” Means for Google

Beware of these “fleeceware” VPN apps on Apple App Store, SonicWall hacked
News

SonicWall Hacked Through Zero-Day Vulnerabilities in its VPN Product



EXCLUSIVE

CISO MAG Market Trends Report on Endpoint Security - 2020, endpoint security market trends, endpoint security 2020, endpoint security, endpoint security report,

CISO MAG Market Trends Report on Endpoint Security – 2020

CISOMAG - January 24, 2021
0

FOLLOW US FOR MORE UPDATES

Follow @CISOMAG

Latest Issue is Out!

Cybersecurity 2021

Cyber security editorial calendar 2021

MOST POPULAR

Research Finds Increase in Botnet and Exploit Activity in Q2 2020

45% companies don’t have cybersecurity leader: Study

CISOMAG - December 11, 2017
s3 bucket security, Unacademy Suffers a Data Breach

Nearly half of companies have suffered a data breach in the past year: Survey

November 15, 2017
Messaging

Mobile messaging apps new hideout of Dark Web activities: Study

October 27, 2017
Kaspersky

NSA hacking code lifted from a personal computer in U.S.: Kaspersky

October 30, 2017

Instagram data breach! 49 million users’ sensitive data exposed online

May 23, 2019

RECENT POSTS

Whatsapp Hack

Researcher Finds New Android Malware Spreading Via WhatsApp Messages

January 26, 2021
Australia’s News Media Bargaining Code

What Australia’s “News Media Bargaining Code” Means for Google

January 25, 2021
Beware of these “fleeceware” VPN apps on Apple App Store, SonicWall hacked

SonicWall Hacked Through Zero-Day Vulnerabilities in its VPN Product

January 25, 2021
ShinyHunters Strikes Again! Data of 2.28 Mn “MeetMindful” Users Leaked

ShinyHunters Strikes Again! Data of 2.28 Mn “MeetMindful” Users Leaked

January 25, 2021
8 in 10 Consumers are Concerned to Share their Personal Data to Companies

How Data Protection Can Replace Network Protection in the WFH Era

January 25, 2021
Cybersecurity News and Updates, Magazine
CISOMAG is the handbook for Chief Information Security Officer (CISO)s, CXOs, and every stakeholder of safe internet.
Contact us: [email protected]

EVEN MORE NEWS

Whatsapp Hack

Researcher Finds New Android Malware Spreading Via WhatsApp Messages

January 26, 2021
Australia’s News Media Bargaining Code

What Australia’s “News Media Bargaining Code” Means for Google

January 25, 2021
Beware of these “fleeceware” VPN apps on Apple App Store, SonicWall hacked

SonicWall Hacked Through Zero-Day Vulnerabilities in its VPN Product

January 25, 2021

POPULAR CATEGORY

  • News1902
  • Threats1071
  • Features315
  • Partnerships210
  • Governance170
  • Startups160
  • Interviews71
  • Terms of Use
  • Privacy Policy
  • Advertise with us
  • Contact Us
  • MASTERCLASS
© CISOMAG 2020
Edit with Live CSS
Save
Write CSS OR LESS and hit save. CTRL + SPACE for auto-complete.