Microsoft Spoofing Bug Revealed

A security bug has put four hundred million email users at risk of highly convincing phishing scams. Vsevolod Kokorin, a security researcher known online as Slonser, uncovered a vulnerability that lets attackers spoof Microsoft corporate accounts, so that a malicious email appears to come from a trusted address such as [email protected].

Why is this a big deal?

These phishing emails can trick recipients into clicking malicious links, leading to stolen passwords, banking details, or even malware infections.

Kokorin reported the bug to Microsoft, but initially the company said it could not reproduce his findings and did not investigate further. After he went public on X (formerly Twitter) and the story drew attention, Microsoft acknowledged the issue and reopened one of the reports. The bug only affects email delivered to Outlook accounts, but with roughly four hundred million users that is still a very large pool of potential victims.

Spotting a Phishing Email

  • Check the Sender’s Email Address: Look at the actual address, not just the display name, for numbers, extra words, look-alike characters or a domain that is not the company’s own.

  • Examine the Logo: Compare it to the company’s official website. Is it fuzzy or off?

  • Check for Errors: Be wary of grammatical or spelling mistakes in the email.

  • Hover Over Links: See the URL without clicking. Does it match the official site?

  • Watch the URL Structure: What matters is the registered domain just before the top-level domain. A trusted brand name that appears only as a subdomain or in the path of an unrelated domain, such as a URL built on maliciousdomainname.com, means nothing.

  • Urgency and Payment Requests: Phishing emails often create a sense of urgency or mention payments.

  • Educate Your Team: Regular phishing simulations and up-to-date training reduce the chance that someone in your organisation falls for these scams.

Why does this matter to you?

Phishing scams rely on urgency: they push recipients to act before they think, whether at home or at work. If you receive an email demanding immediate action, pause and verify it by contacting the company through a channel you already trust, not through any link or phone number in the email itself.

Our Thoughts

We find it alarming how sophisticated phishing attacks have become. This bug shows how much damage a single spoofing flaw can do: when the sender address itself can be forged, the usual advice to check who an email is from is no longer enough on its own. It is crucial that companies like Microsoft fix such issues swiftly to protect users, which they often do. It is just as important that users stay vigilant and informed about recognising and avoiding these scams.

How can I tell if an email is a phishing attempt?

Look for unusual email addresses, spelling errors, fuzzy logos, and mismatched URLs. Phishing emails often create a sense of urgency and ask for sensitive information.

What should I do if I receive a suspicious email?

Do not click any links. Instead, report the email as phishing to your IT or security department. If you were expecting an email and this one arrived at just the right moment, that is not proof it is genuine: contact the company directly using contact details taken from its official website, not from the message.

PhishFrenzy Can Help

The discovery of this bug is a reminder of the ever-evolving tactics used by cybercriminals. Both companies and individuals need to stay updated on the latest security threats. If you’re concerned about the risks of human error in your business, reach out to us today. We offer regular security awareness training to help your organisation stay safe and informed.