Researchers Explore Microsoft Outlook Phishing Techniques

  /     /     /  
Publicated : 23/11/2024   Category : security


Researchers Explore Microsoft Outlook Phishing Techniques


Outlook features intended to improve collaboration and productivity may make social engineering attacks more effective, researchers find.



Some of the tools built into Outlook to boost productivity and collaboration could also make it easier to launch effective social engineering campaigns, researchers say. 
In early December, researchers with Avanan discovered a way in which Outlooks features could be used to make an attacker appear more credible in a phishing or business email compromise (BEC) attack. Their attack started with a spoofed email. If an attacker had a private server, they could launch a domain impersonation attack with an email pretending to come from another sender. 
This technique has not been seen in the wild.
If the phony email successfully passed security defenses — as domain impersonations sometimes do, cybersecurity analyst Jeremy Fuchs noted in a blog post — Outlook will present it as a real email from the spoofed address. This means the message would show legitimate Active Directory details like photos, files shared between uses, legitimate email addresses, and phone numbers.
Its easy for [attackers] to pretend its coming from the correct email address even though its not, Fuchs says in an interview. When they do that, Outlook will think the email is legitimate so it will display all the user information it would normally display for an actual account holder, he notes.
C-suite executives are traditionally thought to be at greatest risk when it comes to BEC and targeted phishing attacks. But data published earlier this year shows that is no longer the case: Avanan researchers
found
51% of all impersonation emails analyzed attempted to impersonate a non-executive in the organization, and non-executives were targeted 77% more often.
The C-suite is still targeted, but everybody now is a target, Fuchs says. A lower-level employee with access to corporate email and Slack accounts could still provide fruitful data to an attacker. If targeted with a phishing email that uses this method, they will see a host of valid Active Directory data associated with a fraudulent address and may be more likely to engage with it.
To the end-user, this conveys legitimacy, Fuchs wrote in a
blog post
on the findings. They can see all the times they have communicated together, the files shared, even their picture. That makes a social engineering attack even more difficult to stop.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Researchers Explore Microsoft Outlook Phishing Techniques