Attackers are convincingly mimicking the ‘microsoft[.]com’ domain in a recent phishing campaign. In spite of Microsoft’s reported lack of email spoofing protection mechanisms such as DMARC (Domain-based Message Authentication, Reporting and Conformance), users need to be vigilant for emails appearing to come from Microsoft using a relatively new Microsoft 365 capability to review quarantined messages as a pretext to trick users into following the offered link. While you are bringing greater awareness to this recent campaign, send along Tripwire’s 12 Essential Tips for Keeping Your Email Safe for a succinct and ready-made review of top tips and strategies for recognizing email threats. Check out HelpNetSecurity for a sample of the Microsoft 365 phishing email and its contents.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!