Novel phising campaign uses corrupted Word documents to evade security

December 2, 2024 at 05:49AM A new phishing attack exploits Microsoft Word’s file recovery feature by distributing corrupted documents as email attachments. These files bypass security software due to their damaged condition while remaining recoverable by users, posing a significant security risk. ### Meeting Takeaways: – **Phishing Attack Overview**: A new phishing attack leverages a … Read more

Phishing emails increasingly use SVG attachments to evade detection

November 17, 2024 at 11:37AM Threat actors are increasingly using Scalable Vector Graphics (SVG) files for phishing and malware distribution due to their ability to evade detection. Unlike traditional image formats, SVGs use code to create images and can embed JavaScript, allowing attackers to hide malicious content. Users should treat unexpected SVG attachments as suspicious. … Read more

Microsoft 365 anti-phishing feature can be bypassed with CSS

August 7, 2024 at 11:35AM Researchers discovered a method to hide the ‘First Contact Safety Tip’ in Microsoft 365, potentially increasing the risk of users opening malicious emails. Despite reporting the flaw to Microsoft, the tech giant decided not to address it at this time. The technique involves manipulating HTML and CSS to hide the … Read more

Users call on Microsoft to update Outlook’s friendly name feature

August 6, 2024 at 08:25AM Users are calling for Microsoft to reconsider the display of sender email addresses in Outlook, as phishing criminals exploit the friendly name feature to mask malicious intent. Despite attracting over 100 votes in Microsoft’s forums, the issue persists, posing a significant security risk. There is a plea for Microsoft to … Read more

It’s tax season, and scammers are a step ahead of filers, Microsoft says

March 20, 2024 at 03:38PM Microsoft has uncovered a clever phishing scheme targeting early tax filers in 2024. The scam involves an email claiming to contain tax returns and leads users to a fake website. Once downloaded, it installs malware to steal account credentials. Microsoft warns taxpayers to be cautious, especially certain vulnerable groups, and … Read more