
Over 5,000 fake Microsoft notifications fueling email hacking campaigns

The Check Point Harmony Email & Collaboration team detected more than 5,000 emails pretending to be Microsoft product notifications, which may have led to email scams, the cybersecurity company said on October 2. The emails stand out for their polished appearance and for the legitimate links they contain.

The statement is part of Cybersecurity Awareness Month and highlights the ongoing risk posed by phishing attacks.

The email scam campaign has a polished look

The emails come from “organizational domains impersonating legitimate administrators,” making it appear as if they are coming from an internal administrator, colleague or business partner. The fake emails link to legitimate Microsoft or Bing sites, which makes the fraud difficult to detect even for security-conscious employees who scan for suspicious URLs.

Check Point noted that logging in through one of the fake emails, and thereby giving an attacker access to your login credentials, could “lead to email account takeover, ransomware, information theft, or other negative impacts.” The team did not provide any information on whether the attackers have managed to compromise anyone so far.

In 2023, Check Point found that Microsoft was the most impersonated brand in phishing scams. Other companies that appeared most frequently in spoofing campaigns included Google, Apple, Wells Fargo and Amazon.


How to protect yourself from account information fraud

Employees should feel empowered to contact administrators and co-workers personally if they suspect an email message may not be legitimate. If you’re not expecting a request to share a folder or collaborate via business software, verify the email directly with the person before acting on it.

Users should also look for spelling errors or clunky language. However, the scheme Check Point detected sidesteps this check by copying and pasting real Microsoft privacy policy statements.

The old belief that scam emails always contain errors is no longer necessarily true. Attackers are aware of these expectations and often use correct grammar to make their phishing attempts more convincing. Plus, generative AI makes creating grammatically correct emails simple and fast.

Follow expert advice on ensuring your organization’s cybersecurity:

  • Keep your operating systems and applications up to date, as security updates often include protection against the latest bugs.
  • Use email services with reliable anti-spam filters.
  • IT administrators should regularly conduct training to educate employees about the latest techniques used by fraudsters.

Additionally, be wary of emails that appear to be from large companies such as Microsoft but are not consistent with the way you typically use their services. Fortinet recommends technical precautions, including the use of reverse IP lookup tools and checking email accounts with Domain-based Message Authentication, Reporting & Conformance (DMARC).
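The following triage check is an added example, not code from Check Point, Fortinet or this article. It shows why a DMARC verdict alone does not catch the campaign described above: a message sent from an organizational domain can pass DMARC and link only to a real Microsoft page, so the check also compares the brand named in the sender display name against the sender domain. The gateway name `mx.example.org`, the brand domain list, the brand pattern and the three sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical values, adjust per organisation):
TRUSTED_AUTHSERV = "mx.example.org"          # authserv-id stamped by our own gateway
BRAND_DOMAINS = {"microsoft.com", "office.com"}
BRAND_RE = re.compile(r"microsoft|office ?365|sharepoint|onedrive", re.I)
DMARC_RE = re.compile(r"\bdmarc=(\w+)", re.I)

def dmarc_verdict(msg) -> str:
    """DMARC result from our gateway's header only; senders can forge others."""
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(hdr).partition(";")
        if authserv.strip().lower() == TRUSTED_AUTHSERV:
            m = DMARC_RE.search(results)
            return m.group(1).lower() if m else "none"
    return "none"

def triage(raw: str) -> list[str]:
    """Return reasons a message deserves manual review (empty list: none found)."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    verdict = dmarc_verdict(msg)
    if verdict != "pass":
        reasons.append(f"dmarc={verdict}")
    # Brand named in display name or subject while the sender domain is not the
    # brand's: links in the body are deliberately not consulted.
    branded = BRAND_RE.search(f"{display} {msg.get('Subject', '')}")
    owned = any(domain == d or domain.endswith("." + d) for d in BRAND_DOMAINS)
    if branded and not owned:
        reasons.append(f"brand-mismatch:{domain}")
    return reasons

def sample(sender: str, authres: str) -> str:
    """Build a constructed test message whose only link is a real Microsoft URL."""
    return (f"From: {sender}\nSubject: A file was shared with you\n"
            f"Authentication-Results: {authres}\n\n"
            "Open it at https://www.microsoft.com/\n")

GENUINE = sample("Microsoft <no-reply@microsoft.com>", "mx.example.org; dmarc=pass")
LOOKALIKE = sample('"Microsoft 365 Admin" <it@partner.example>', "mx.example.org; dmarc=pass")
FORGED = sample("Microsoft <security@microsoft.com>", "relay.invalid; dmarc=pass")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE), ("forged", FORGED)]:
        print(name, triage(raw))
```

The lookalike message passes DMARC for its own domain and is flagged only by the brand mismatch, while the third message is flagged because its `Authentication-Results` header was not stamped by the trusted gateway.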

Email administrators should configure their email servers so that unauthorized users cannot connect directly to the SMTP port. Likewise, ensuring that SMTP connections from outside your firewall pass through your central mail hub can help you track down fraudulent emails if they originate within your organization.