Microsoft, as per various cybersecurity firms, is one of the most commonly impersonated brands used by hackers. A new research by CheckPoint reveals how 5,000 Microsoft emails are being used by scamsters.
Harmony Email & Collaboration’s cyber security researchers have caught over 5,000 emails masquerading as Microsoft notifications. “The emails utilise exceptionally sophisticated obfuscation techniques, rendering it nearly impossible for users to distinguish them from legitimate communications,” claims the researchers.
How does the scam work?
According to the research, the fake Microsoft emails don’t originate from private or unknown domains,. The emails appear to come from organisational domains impersonating legitimate administrators.
“The main portion of a given email will typically include a fake login page or portal, where malicious content may be hidden. An unsuspecting user can easily click on this and input sensitive information or download a threat,” notes the research. The email looks genuine and in particular, “the style of the email is so duplicative of what users generally receive that a given user would have no reason to flag it,” notes the research.
To hide the malicious intent of these emails, cyber criminals are deploying sophisticated obfuscation techniques. Some emails include copied-and-pasted Microsoft privacy policy statements, contributing to an authentic ‘look and feel’.
Other emails have links to Microsoft or Bing pages, making it even more challenging for traditional security systems to recognise and mitigate these threats effectively, claims the research report.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
