More Than 5,000 False Microsoft Notifications Boosting Email Compromise Campaigns

Researchers from Check Point's Harmony Email & Collaboration team identified more than 5,000 emails disguised as Microsoft product notifications that could lead to email extortion, the cybersecurity company reported on Oct. 2. The emails are notable for their sophisticated appearance and the inclusion of valid links.

This disclosure coincides with Cybersecurity Awareness Month, emphasizing the persistent threats posed by phishing schemes.

Email scam campaign distinguished by sophisticated appearance

The emails are sent from “organizational domains imitating legitimate administrators,” giving the impression that they originate from an internal administrator, colleague, or business associate. The fraudulent emails direct recipients to genuine Microsoft or Bing pages, which makes the fraud hard to spot even for vigilant employees who check for dubious URLs.

Check Point pointed out that logging in through a counterfeit email, and thereby surrendering your login credentials to the attacker, can “result in email account hijacking, ransomware, data theft or other adverse consequences.” The team did not disclose whether the attackers had successfully exploited anyone to date.

In 2023, Check Point found that Microsoft was the most impersonated brand in phishing scams. Other frequently impersonated companies in spoofing campaigns included Google, Apple, Wells Fargo, and Amazon.

Ensuring Safety from Account Information Scams

Employees should feel empowered to contact administrators and colleagues directly if they doubt an email’s authenticity. If you are not expecting a request to share a folder or collaborate through business software, confirm the email’s legitimacy directly with the individual before proceeding.

Individuals must also watch out for misspellings or awkward language. However, the scheme uncovered by Check Point sidesteps this check by replicating real Microsoft privacy policy statements.

The traditional belief that dubious emails always contain errors no longer holds in every case. Attackers are aware of this expectation and often use correct grammar to make their phishing attempts more credible. Moreover, generative AI makes it easier and faster to produce grammatically accurate emails.

Adhere to professional guidance on safeguarding your organization against cyber threats:

  • Keep operating systems and applications updated, as security patches often incorporate protections against recent vulnerabilities.
  • Utilize email services with dependable anti-spam filters.
  • Organize frequent awareness training sessions for employees conducted by IT administrators to educate them about contemporary scamming techniques.

Be cautious with emails that appear to come from prominent corporations such as Microsoft, especially if their content deviates from your usual interactions with those services. Fortinet recommends technical measures such as using reverse IP address lookup tools and auditing email accounts with the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol.
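
The DMARC audit mentioned above can be applied to a single received message by reading the SPF, DKIM and DMARC results that the receiving gateway recorded in the Authentication-Results header. The Python below is an added example, not code from Check Point or Fortinet; the sample message, its domain names and the two-label organizational-domain shortcut are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample message (not taken from the campaign): the From domain
# differs from the domains that actually passed SPF and DKIM.
SAMPLE = """\
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=bounce.mailer-example.net;
 dkim=pass header.d=mailer-example.net;
 dmarc=fail header.from=partner-example.com
From: "IT Administrator" <it-admin@partner-example.com>
To: user@example.org
Subject: A folder was shared with you

Open the shared folder.
"""

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels. Real
    # deployments should use the Public Suffix List (e.g. for example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def method(auth_results, name, prop):
    # Return (result, domain) for one method entry, e.g. ("pass", "a.example").
    pattern = rf"\b{name}=(\w+)(?:[^;]*?\b{re.escape(prop)}=(?:[^\s;@]*@)?([^\s;]+))?"
    m = re.search(pattern, auth_results)
    return (m.group(1).lower(), (m.group(2) or "").lower()) if m else ("none", "")

def assess(raw):
    msg = email.message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    # Unfold the header so the regexes see one line.
    ar = " ".join((msg.get("Authentication-Results") or "").split())
    spf, spf_dom = method(ar, "spf", "smtp.mailfrom")
    dkim, dkim_dom = method(ar, "dkim", "header.d")
    dmarc, _ = method(ar, "dmarc", "header.from")
    # Relaxed alignment: a passing SPF or DKIM domain must share the From
    # header's organizational domain.
    aligned = ((spf == "pass" and org_domain(spf_dom) == org_domain(from_dom)) or
               (dkim == "pass" and org_domain(dkim_dom) == org_domain(from_dom)))
    reasons = []
    if dmarc != "pass":
        reasons.append(f"dmarc={dmarc}")
    if not aligned:
        reasons.append("no aligned SPF/DKIM pass for From domain")
    return {"from_domain": from_dom, "aligned": aligned, "reasons": reasons}
```

An empty `reasons` list only shows that the From domain authorized the message; mail sent from an organizational domain the sender controls, as in the campaign described here, can still pass DMARC.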

Email administrators should configure their mail servers to prevent unauthorized users from directly accessing the SMTP port. Similarly, ensuring that SMTP connections from external sources traverse a central mail hub can aid in tracking email spoofing occurrences within the organization.
