A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.

  • jemikwa
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    5 months ago

    The bug, according to Kokorin, only works when sending the email to Outlook accounts.

    Sounds like it’s something client side or specific to Microsoft’s o365/outlook.com servers. Could be the exploit bypasses header verdicts for SPF/dkim/dmarc