How a phishing campaign is able to exploit Microsoft Outlook

Attackers can capitalize on a feature in Outlook that makes spoofed messages appear authentic, says email security provider Avanan.


Image: iStock/OrnRin

Phishing attacks typically try to arouse interest by impersonating actual companies, products or brands. And the more popular or pervasive the company or brand, the greater the chances of trapping unsuspecting victims. That's why Microsoft products are always a tempting target to spoof. A new phishing campaign analyzed by email security provider Avanan exploits a key feature in Microsoft Outlook.

SEE: Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)

In a blog post released on Thursday, Avanan described a campaign that uses both Outlook and Microsoft's Active Directory to trick users into handing over valuable information or money. The company discovered this particular instance in December 2021 as part of its regular research on vulnerabilities.

Though not yet observed in the wild, the campaign is active and could easily spread around the world, according to Jeremy Fuchs, cybersecurity research analyst at Avanan and author of the blog post.

To use Outlook against its users, hackers simply start by devising a phishing email that appears to be sent from an actual person. With their own private server, they can even create an email that appears to come from another sender, turning this into a domain impersonation attack.

If the spoofed email skirts past security defenses, Outlook will present it as a real message from the person being impersonated. The email displays all of the person's legitimate Active Directory details, including photos, shared files, email address and phone numbers. The recipient can then see all the times they've communicated with the spoofed person, along with their pictures and any files shared.


Outlook displays valid Active Directory details, even in spoofed emails.

Image: Avanan

Through this campaign, the attackers can exploit the way that Outlook prioritizes productivity over security, according to Avanan. By itself, the Outlook client doesn't perform email authentication, such as SPF or DKIM checks. Instead, that task is left up to whatever email security is in place before a message hits someone's inbox. And since Microsoft doesn't require verification before updating a user's picture in an email, all of the genuine Active Directory contact details appear, even when SPF fails.

SEE: Warning: 1 in 3 employees are likely to fall for a phishing scam (TechRepublic)

To protect your organization against this kind of sophisticated social engineering attack, Avanan offers the following tips:

  • Make sure you've implemented layered email security that kicks in before a message reaches the inboxes of your users.
  • Set up an email security solution that scans files and links and measures domain risk.
  • Protect all applications that interact with Active Directory, including Microsoft Teams and SharePoint.
  • Finally, this article from Microsoft partner CodeTwo explains how to prevent internal email spoofing in an organization that uses Exchange.
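The article's point is that the Outlook client trusts the From address and decorates it with Active Directory data without checking SPF or DKIM, so the decision has to be made upstream, at the gateway. The following added example (not code from the article or from Avanan) shows what that upstream check looks like: it reads the Authentication-Results header that a receiving mail server stamps on a message (RFC 8601), compares the From domain against a list of the organization's own domains, and quarantines messages that claim an internal sender but fail authentication, which is the internal-spoofing case the tips above address. The `INTERNAL_DOMAINS` set, the `example.com` and `vendor.invalid` domains, and the three sample messages are all constructed for this illustration.

```python
"""Gateway-side authentication check that the Outlook client does not do.

Reads the Authentication-Results header written by the receiving MTA
(RFC 8601 format, assumed here) and decides how to treat the message
before it reaches a mailbox. Everything below is illustrative; the
internal domain list and sample messages are constructed.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Hypothetical list of the organization's own domains (assumption).
INTERNAL_DOMAINS = {"example.com"}

# Matches "method=result" pairs such as "spf=fail" or "dkim=pass".
_RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def parse_auth_results(header_value):
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} from an
    Authentication-Results header; methods not present default to 'none'."""
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    if header_value:
        for method, result in _RESULT_RE.findall(str(header_value)):
            results[method] = result.lower()
    return results


def from_domain(msg):
    """Lower-cased domain of the RFC 5322 From address ('' if absent)."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def classify(raw_message):
    """Decide how the gateway should handle one raw RFC 5322 message.

    Returns (verdict, reason):
      'quarantine' - From claims an internal domain but SPF/DKIM/DMARC
                     do not vouch for it (the internal-spoofing case)
      'flag'       - external sender whose DMARC evaluation failed
      'deliver'    - nothing in the authentication results objects
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    domain = from_domain(msg)
    any_pass = auth["spf"] == "pass" or auth["dkim"] == "pass"
    dmarc_fail = auth["dmarc"] == "fail"

    if domain in INTERNAL_DOMAINS and (dmarc_fail or not any_pass):
        return "quarantine", f"From claims internal domain {domain} but auth={auth}"
    if dmarc_fail:
        return "flag", f"DMARC fail for external domain {domain}"
    return "deliver", f"auth={auth}"


# Constructed sample messages (not real traffic).
SPOOFED_INTERNAL = """From: "Finance Director" <director@example.com>
To: staff@example.com
Subject: Urgent wire request
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=attacker.invalid; dkim=none; dmarc=fail header.from=example.com

Please handle this today.
"""

LEGIT_INTERNAL = """From: colleague@example.com
To: staff@example.com
Subject: Lunch
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Noon?
"""

EXTERNAL_DMARC_FAIL = """From: billing@vendor.invalid
To: staff@example.com
Subject: Invoice attached
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=vendor.invalid; dkim=fail header.d=vendor.invalid; dmarc=fail header.from=vendor.invalid

See attached.
"""

if __name__ == "__main__":
    for name, raw in [("spoofed internal", SPOOFED_INTERNAL),
                      ("legit internal", LEGIT_INTERNAL),
                      ("external dmarc fail", EXTERNAL_DMARC_FAIL)]:
        verdict, reason = classify(raw)
        print(f"{name:20s} -> {verdict:10s} ({reason})")
```

The key design choice is the asymmetry: a message claiming one of your own domains gets no benefit of the doubt, because that is exactly the case where Outlook will fill in the real person's photo, files and contact details. Policy for external domains is left to DMARC, which is what the sending domain's owner asked for.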

Also see

  • Fighting social media phishing attacks: 10 tips (free PDF) (TechRepublic)
  • Checklist: Securing digital information (TechRepublic Premium)
  • How phishing attacks spoofing Microsoft are evading security detection
  • Microsoft Office 365 still the top target among phishing attacks (TechRepublic)
  • How to report a phishing or spam email to Microsoft (TechRepublic)
  • How to become a cybersecurity pro: A cheat sheet (TechRepublic)