Microsoft Outlook's new phishing scheme uses a vulnerability that allows hackers to pretend to be your boss by sending spoofed emails.

New Microsoft Outlook Phishing Scheme Allows Hackers to Pretend to be Your Boss

Microsoft Outlook's New Phishing Scheme

As per the report by Tech Radar, hackers are now exploiting Microsoft's email service to target a firm's employees by pretending to be their superior and sending urgent emails.

The new phishing scheme on Microsoft Outlook was discovered by researchers from the cybersecurity firm Avanan.

The researchers found that cyberattackers have gone the extra mile by using social engineering techniques to carry out an attack.

This time around, hackers are using vulnerabilities in Microsoft's productivity tools, specifically its email service, with which the attackers successfully made their spoofed emails seem legitimate.

To be precise, the criminals are fooling Outlook into giving their fake emails valid Active Directory details, making it seem like the message was actually sent from the email of their boss.

Microsoft Outlook Vulnerabilities Used

According to the news story by Dark Reading, the attackers are using a private server to send domain impersonation emails to their targets.

With the private server, the hackers could send their fake emails to the sender, making it seem that it is not a spoofed email.

According to cybersecurity analyst Jeremy Fuchs, there are some instances in which impersonation emails get through the security defenses of Outlook. When that happens, Microsoft's email service presents the fake messages as if they are from a legitimate sender.

What's more, Microsoft Outlook will further help attackers in sending these spoofed emails by including legit Active Directory data, such as the phone numbers, email addresses, and even the files and photos shared previously between the two.

Fuchs further said that "it's easy for [hackers] to pretend it's coming from the correct email address even though it's not."

The cyber attackers fool Outlook into concluding that the spoofed email is legitimate. The message then seems even more real because it is paired with complete user information from the impersonated person.

The researchers also warned that Outlook fails to use email authentication systems, such as DKIM and SPF, which should have prevented these types of attacks. As such, hackers successfully send spoofed emails to the inboxes of their targets.
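A defender-side check for the gap described above, as an added example that is not from the article or from Avanan: it flags mail whose From domain is internal but that has no SPF or DKIM pass aligned with that domain. The domain `example.com`, the gateway name `mx.example.com` and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}   # assumption: the organisation's own domain
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id stamped by our gateway

# Captures (method, verdict, identity) for spf=... smtp.mailfrom=... / dkim=... header.d=...
CHECK = re.compile(
    r"\b(spf|dkim)=(\w+)[^;]*?\b(?:smtp\.mailfrom|header\.d)=([^\s;]+)", re.I)

def aligned_passes(raw):
    """Return (from_domain, methods that passed for that same domain)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    passes = set()
    for header in msg.get_all("Authentication-Results", []):
        # A sender can forge this header, so only trust our own gateway's copy.
        if header.split(";")[0].strip().lower() != TRUSTED_AUTHSERV:
            continue
        for method, verdict, ident in CHECK.findall(header):
            ident_domain = ident.rpartition("@")[2].lower()
            # A pass only counts when it is for the domain shown in From.
            if verdict.lower() == "pass" and ident_domain == from_domain:
                passes.add(method.lower())
    return from_domain, passes

def is_internal_spoof(raw):
    """True when the mail claims an internal sender without aligned SPF/DKIM."""
    from_domain, passes = aligned_passes(raw)
    return from_domain in INTERNAL_DOMAINS and not passes

def sample(auth_header):
    """Build a constructed test message carrying one Authentication-Results header."""
    return (f"Authentication-Results: {auth_header}\n"
            'From: "Dana Boss" <dana.boss@example.com>\n'
            "To: sam@example.com\nSubject: Urgent request\n\nPlease handle this today.\n")

GENUINE = sample("mx.example.com; spf=pass smtp.mailfrom=example.com; "
                 "dkim=pass header.d=example.com")
SPOOFED = sample("mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none")
# SPF passes, but only for the sender's own envelope domain, not the From domain.
UNALIGNED = sample("mx.example.com; spf=pass smtp.mailfrom=bounce@mailer.test; dkim=none")
# Verdicts stamped by an untrusted authserv-id are ignored.
FORGED = sample("mail.sender.test; spf=pass smtp.mailfrom=example.com; "
                "dkim=pass header.d=example.com")

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED", "UNALIGNED", "FORGED"):
        print(name, is_internal_spoof(globals()[name]))
```

A result of `True` is a signal to quarantine or banner the message before the mail client decorates it with the impersonated person's directory details.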


Impersonation Emails

On top of that, the researchers of Avanan further found more alarming information about the emergence of impersonation emails.

The firm's cybersecurity study showed that 77% of the targets are non-executives of organizations. Likewise, about 51% of the impersonated accounts are non-executives.


This article is owned by Tech Times

Written by Teejay Boris
