A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.

  • jemikwa@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    6 months ago

    The bug, according to Kokorin, only works when sending the email to Outlook accounts.

    Sounds like it’s something client side or specific to Microsoft’s o365/outlook.com servers. Could be the exploit bypasses header verdicts for SPF/dkim/dmarc