Phishing Campaign Targets 200M Microsoft 365 Accounts

Dark Reading

Kelly Sheridan

A large-scale phishing campaign is targeting 200 million Microsoft 365 users around the world, particularly within the financial services, healthcare, insurance, manufacturing, utilities, and telecom sectors, Ironscales researchers report.

The attackers leverage a domain spoofing technique to create emails that appear to come from Microsoft Outlook (no-reply@microsoft.com). These emails attempt to use urgent language to trick people into using a new Microsoft 365 capability that lets account holders reclaim emails accidentally flagged as phishing or spam.

A link within the email promises to redirect readers to a security portal so they can review and

Get the Morning Update

Thanks for subscribing!