More than 5,000 Counterfeit Microsoft Notifications Drive Email Compromise Campaigns

Check Point’s Harmony Email & Collaboration team reported on October 2 that they identified over 5,000 emails impersonating Microsoft product notifications, which pose a risk of email extortion. These emails are notable for their professional design and inclusion of legitimate links.

This announcement aligns with Cybersecurity Awareness Month, underscoring the persistent dangers of phishing attacks.

### Email Scam Campaign Noteworthy for Its Professional Look

The fraudulent emails originate from “organizational domains impersonating legitimate administrators,” giving the impression that they are sent by an internal administrator, colleague, or business partner. They link to genuine Microsoft or Bing pages, complicating the detection of the scam even for vigilant employees who typically check for suspicious URLs.

Check Point cautioned that logging into these fake emails, and thus providing attackers with login credentials, can result in account takeovers, ransomware, data theft, and other detrimental outcomes. The team, however, did not disclose whether any individuals had fallen victim to the scam thus far.

In its 2023 findings, Check Point identified Microsoft as the most commonly spoofed brand in phishing attempts, followed by Apple, Google, Wells Fargo, and Amazon.

### Tips to Protect Yourself from Account Information Scams

Employees are encouraged to reach out directly to colleagues or administrators if they suspect an email may be fraudulent. If a request to share a folder or collaborate through business software is unexpected, it’s wise to confirm the email’s legitimacy with the person before acting on it.

Additionally, watch for misspellings or awkward phrasing, although the recent scheme identified by Check Point cleverly circumvents this by copying and pasting actual Microsoft privacy policy statements. The traditional notion that suspicious emails always contain errors is no longer reliable; attackers have adapted and often utilize correct grammar and polished language, aided by generative AI.

### Expert Recommendations for Cybersecurity

– Ensure operating systems and applications are up-to-date, as security patches often guard against the latest vulnerabilities.
– Use email providers with effective anti-spam filters.
– IT administrators should conduct regular training sessions to raise employee awareness about evolving scam techniques.

### Essential Security Precautions

Be vigilant with emails that seem to originate from major companies like Microsoft but do not fit the normal interaction pattern. Fortinet suggests employing technical measures, including reverse IP address lookups and auditing email accounts with the Domain-based Message Authentication Reporting & Conformance protocol.

Email administrators should configure mail servers to prevent unauthorized users from connecting directly to the SMTP port. Additionally, requiring that SMTP connections from outside your firewall funnel through a central mail hub can enhance the ability to trace and address email spoofing incidents within an organization.

Unlock your business potential with our expert guidance. Get in touch now!

Robot-bot-chatbot-AI.jpg

A Jobseeker’s Handbook: Leveraging AI and Its Implications for Employers

tr_20241220-top-software-development-technologies.jpg

8 Key Software Development Technologies to Watch in 2025

cloud-money-finance-investment-savings-adobe.jpg

AWS Provides Hackney Council with a Minimum 22% Discount on Cloud Services via OGVA 2.0

tr_20241219-eu-guidance-ai-privacy-laws.jpg

EU Provides Guidance for AI Developers on Compliance with Privacy Regulations

IT-sustainability-think-tank-hero.jpg

IT Sustainability Think Tank: Insights from 2024 and Key Priorities for 2025

AdobeStock_210063189.jpg

NVIDIA Unveils New Mini Developer Kit for Generative AI

technology-digital-ai-binary-adobe.jpeg

Digital Ethics Summit 2024: Understanding the Socio-Technical Aspects of AI