Microsoft is warning about a phishing scam that uses the most basic of phishing techniques, such as slightly misspelt domain names, URLs, and sender addresses. IT consultants and individuals are safe if they are hyper-aware of mistakes and detect them even when spam filters fail. However, Microsoft has a caution for anyone who only glances at an email to see whether it’s from a valid sender: look carefully.
“An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters,” according to the Microsoft Security Intelligence Twitter account.
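A defender can check a message's From header for the traits described above. The following is an added example, not Microsoft's hunting query and not code from the original page; the function names, the `contoso.example` domain, the sample headers and the edit-distance threshold of 2 are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Finds an e-mail address inside free text and captures its domain.
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def edit_distance(a, b):
    """Levenshtein distance, used to spot slightly misspelt domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_findings(raw_message, recipient, trusted_domains):
    """Return the reasons a From header looks spoofed (empty list if none)."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    rcpt_user, _, rcpt_domain = recipient.lower().partition("@")
    shown_text = display.lower()
    findings = []
    # 1. The display name shows an address from a domain other than the real sender's.
    if any(d.lower() != sender_domain for d in ADDR_IN_TEXT.findall(display)):
        findings.append("display-address-mismatch")
    # 2. The display name carries the target's username or domain, yet the mail is external.
    if rcpt_user and sender_domain != rcpt_domain and (
            rcpt_user in shown_text or rcpt_domain in shown_text):
        findings.append("display-name-contains-recipient")
    # 3. The real sender domain is a near miss of a domain we trust.
    for good in trusted_domains:
        if 0 < edit_distance(sender_domain, good) <= 2:
            findings.append("lookalike-domain:" + good)
    return findings

# Constructed sample headers (not taken from the campaign).
SPOOFED = ('From: "alice@contoso.example via SharePoint" <noreply@c0ntoso.example>\n'
           'To: alice@contoso.example\nSubject: Staff report shared with you\n\nbody\n')
CLEAN = ('From: "Bob Smith" <bob@contoso.example>\n'
         'To: alice@contoso.example\nSubject: Lunch\n\nbody\n')

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(name, sender_findings(raw, "alice@contoso.example", ["contoso.example"]))
```

A message that trips more than one of these checks deserves a manual look even when the gateway let it through.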
If you get an email with file-sharing requests for incentives, staff reports, and other similar items, don’t click on the link. The URLs in these emails are malicious, and they can lead to a phishing website for Office 365, where you’ll be prompted to enter your credentials.
The fact that “both URLs require sign-in to continue to the final page, circumventing many sandboxes” makes these phishing attempts harder to catch than normal. Furthermore, according to Microsoft, this phishing campaign employs various evasion methods that make it difficult to detect.
Microsoft isn’t only warning users about the threat, however; it’s also helping to track it down. To check whether any Office 365 phishing emails have slipped through gateways and reached users’ inboxes, you can download Microsoft’s advanced hunting query from GitHub.