Phishing Alert: Office 365 phishing scam spoofs Microsoft domain due to lack of DMARC implementation


A recent spear phishing campaign has come to light, focused on Office 365 users within several key industries, including healthcare, insurance, financial services, and manufacturing. Here’s what we know.

After finding that almost 100 of its customers were being targeted, researchers at the email security platform IRONSCALES exposed this scam.

They found that, because of the sophisticated domain spoofing technique, it was very hard to tell whether the email was genuine or not.

The hackers send a message claiming to be from “Microsoft Outlook” asking users to recover an email that has been directed to the phishing or spam folder. The “reclaimed” message states that it is urgent that the user clicks on a contained link, a very common tactic employed by social engineers. The link then redirects them to a fake Office 365 login page, where their credentials are harvested by the attacker.

“Our research found that Microsoft servers are not currently enforcing the DMARC protocol, meaning these exact domain spoofing messages are not being rejected by gateway controls, such as Office 365 Exchange Online Protection and Advanced Threat Protection. This is especially perplexing when considering Microsoft frequently ranks as a top-five most spoofed brand year after year.”

Lomy Ovadia – VP of R&D, IRONSCALES

The use of Microsoft’s own domain name and branding must be particularly embarrassing for the company, especially considering that its servers were not enforcing the DMARC protocol. However, a successful phishing campaign always provides an opportunity to reflect on how security protocols could be improved, so it’s not completely negative news.
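The point in the quote above, that a DMARC record whose policy is not set to an enforcing value leaves an exact-domain spoof with no rejection, can be shown with a small policy evaluator. This is an example added here, not code from IRONSCALES or Microsoft; the records, domains and SPF/DKIM results are constructed samples, and the organizational-domain reduction is a simplification of what a real receiver does.

```python
"""Evaluate what a receiver does with a message under a given DMARC record.
Constructed example: records, domains and authentication results are samples."""


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; aspf=s' into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, _, value = part.strip().partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    tags.setdefault("p", "none")      # policy defaults to no enforcement
    tags.setdefault("adkim", "r")     # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")      # relaxed SPF alignment by default
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain (last two labels); real receivers
    consult the Public Suffix List instead."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """RFC 7489 identifier alignment: 's' needs an exact match, 'r' the same org domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(record: str, from_domain: str,
                      spf_pass_domain: str = "", dkim_pass_domain: str = "") -> str:
    """Return 'pass' when an aligned SPF or DKIM identifier passed, otherwise the
    policy action: 'none' (deliver anyway), 'quarantine' or 'reject'."""
    tags = parse_dmarc(record)
    if aligned(spf_pass_domain, from_domain, tags["aspf"]) or \
       aligned(dkim_pass_domain, from_domain, tags["adkim"]):
        return "pass"
    return tags["p"]


if __name__ == "__main__":
    # Spoofed From: header domain; SPF passed only for the sender's own domain.
    for rec in ("v=DMARC1; p=none", "v=DMARC1; p=reject"):
        print(rec, "->", dmarc_disposition(rec, "example.com", spf_pass_domain="other.example"))
```

With `p=none` the spoofed message is delivered unchanged; only `p=quarantine` or `p=reject` lets a gateway act on the failed alignment.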

Could your security be improved before you’re forced to learn the hard way? Find out now with our free Click–Prone® test.