❗ We’ve observed a scammer clearly abusing Microsoft's 'msonlineservicesteam@microsoftonline[.
-
We’ve observed a scammer clearly abusing Microsoft's 'msonlineservicesteam@microsoftonline[.]com' for spam distribution. The header and message body appear completely legitimate - the abuse is happening through injection into the Subject:
Here's an example:
"Your PayPal order for 0.0092 BTC ($699.99) is complete. Not you? Call +1 (803) 237-5050 account email verification code."
At this point, it appears the attacker may have simply set the malicious text as either the account name or the organization name.
This also appears to line up with what @zackwhittaker TechCrunch Security Editor identified last week:
https://mastodon.social/@zackwhittaker/116562360000833298
...although the activity we’re seeing appears to stretch back several months.
Takeaway: automated notification systems should not allow this level of customization.
Microsoft has been informed of this abusive activity.
#ThreatIntel #Spam #InfoSec #CyberSecurity
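
A mail-filter check for the pattern described in the post above, as an added example that is not part of the original thread: it flags messages from the notification sender whose Subject carries callback-scam markers. The regexes, brand list, function name and sample message are constructed assumptions to tune locally.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Notification sender named in the post; mail from it usually passes SPF/DKIM/DMARC,
# so the check below looks at the Subject content rather than at authentication.
NOTIFICATION_SENDERS = {"msonlineservicesteam@microsoftonline.com"}

# Assumed heuristics for text a verification-code notification should never contain.
PHONE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
MONEY = re.compile(
    r"[$€£]\s?\d[\d,]*(?:\.\d{2})?|\b\d+(?:\.\d+)?\s?(?:BTC|ETH|USDT)\b", re.I
)
CALL_TO_ACTION = re.compile(r"\b(?:call|order|invoice|refund|payment)\b", re.I)
OTHER_BRANDS = re.compile(r"\b(?:paypal|coinbase|norton|geek squad)\b", re.I)

def subject_injection_findings(raw_message: str) -> list[str]:
    """Return the markers found in the Subject of a trusted-notification email."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in NOTIFICATION_SENDERS:
        return []  # out of scope: only system notifications are inspected here
    # Decode RFC 2047 encoded words so encoded subjects are inspected too.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    checks = [
        ("phone_number", PHONE),
        ("money_amount", MONEY),
        ("call_to_action", CALL_TO_ACTION),
        ("other_brand", OTHER_BRANDS),
    ]
    return [name for name, pattern in checks if pattern.search(subject)]

# Constructed sample modelled on the subject quoted in the post (placeholder number).
SAMPLE_INJECTED = (
    "From: Microsoft <msonlineservicesteam@microsoftonline.com>\n"
    "To: user@example.org\n"
    "Subject: Your PayPal order for 0.0092 BTC ($699.99) is complete. Not you? "
    "Call +1 (555) 010-0199 account email verification code\n"
    "\n"
    "Use the code below to verify your account.\n"
)
SAMPLE_BENIGN = SAMPLE_INJECTED.split("Subject:")[0] + (
    "Subject: Your account email verification code\n\nUse the code below.\n"
)

if __name__ == "__main__":
    print(subject_injection_findings(SAMPLE_INJECTED))
    print(subject_injection_findings(SAMPLE_BENIGN))
```

Two or more markers in one Subject is a reasonable threshold for quarantine, since a genuine verification notification should produce none.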

-
@spamhaus @zackwhittaker yep that one has been going on for months. It's this: https://abnormal.ai/blog/system-notification-abuse-microsoft-phishing
Entra ID tenant branding. I've been trying to get Microsoft to do something about it for most of the year.
-
@spamhaus yeah this has been going on for a while, and Microsoft has done seemingly nothing to combat the issue.
-
@GossiTheDog @zackwhittaker thanks for sharing

-
@spamhaus @GossiTheDog @zackwhittaker same as calendly emails, and as sharepoint and gmail shared document links before them, etc etc etc repeat ad nauseam.
Here's a calendly one from today that M365 mail filtering decided needed to be delivered to my inbox.
Had to zoom out so that you can actually see the calendly footer, because calendly /also/ lets people insert a load of whitespace to try to hide their footer "below the fold"
