Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
techcrunch.com
A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.

A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.

  • @jemikwa
    English
    611 days ago

    The bug, according to Kokorin, only works when sending the email to Outlook accounts.

    Sounds like it’s something client side or specific to Microsoft’s o365/outlook.com servers. Could be the exploit bypasses header verdicts for SPF/dkim/dmarc