A security expert has issued a warning to Microsoft email users about a surprisingly convincing phishing scam.
According to Vsevolod Kokorin, whose online name is Slonser, there is a bug that allows cybercriminals to make phishing scams appear more credible. This could mean that victims may click on malicious links without realizing they are part of a scam.
Specifically, bad actors can spoof Microsoft accounts — those that end in @microsoft.com — making it appear as if they are sending an email from a trusted source. For example, an email may appear to be sent from [email protected]as described in Slonser’s original post.
I want to share my recent case:
> I have found a vulnerability that allows a message to be sent from any user@domain
>We cannot reproduce it
> Send video with exploit, full proof of concept
>We cannot reproduce it
At this point, I decided to stop communicating with Microsoft. pic.twitter.com/mJDoHTn9Xv— Slonser (@slonser_) June 14, 2024
Although the copy in the email is not from Microsoft, the email address itself looks impressively realistic. This is a common phishing tactic, which lures victims to click on links within a legitimate request directory but actually directs people to a malicious website.
This could then lead to people handing over sensitive information, paying money to an unknown person, or downloading malware onto the device without realizing it.
How did Microsoft respond?
Slonser reported the flaw to Microsoft, but the company initially said it was unable to reproduce its original exploit. In a follow-up post to X, he noted that the tech company had acknowledged the issue.
What’s more, talk to the website TechCrunch On Wednesday, Mr Kokorin said: “Microsoft just said they couldn’t reproduce it without providing any details. Microsoft may have noticed my tweet because it was re-opened a few hours ago.” [sic] “One of my reports that I submitted several months ago.”
The bug only seems to work when sending emails directly to Outlook accounts, so Microsoft email users in particular should be on the lookout, as there are about 400 million of them in the world.
Even then, phishing scams can occur Anyone with any email account, It was considered one of the top tech threats earlier this year. Look for any emails that try to push you to take urgent action. When in doubt, contact the company directly rather than clicking on links in emails.
Featured image: Pexels