Microsoft has warned that hackers are already including the company’s latest software updates and releases into online scams.
The company says it has detected a number of phishing campaigns that utilise updated branding from the new versions of Microsoft 365 and the company’s Azure cloud platform.
These scams are being used to try and trick victims into giving away their personal or login details to the services, which can then be either sold on by the criminals, or used to gain access to potentially lucrative business networks.
Microsoft phishing
“Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns,” Microsoft said in a tweet. “We have so far seen several dozens of phishing sites used in these campaigns.”
Microsoft 365 saw a major overhaul back in March aimed at making the service a lot more personal for users.
The upgrade included re-branding existing consumer-facing Office 365 subscriptions under the Microsoft 365 umbrella, with new Personal and Family plans launching in April.
Popular Microsoft 365 software offerings including Excel, Outlook PowerPoint and Teams were given a significant number of new tools and updates, with users also promised even more new additions coming soon.
Microsoft also began rolling out a new sign-in process for Azure AD in April aimed at reducing the amount of bandwidth needed to access the service. The cloud computing platform has seen huge spike in usage due to the global lockdown and the shift to remote working environment due to the coronavirus pandemic outbreak.
Due to the sheer size of its customer base, Microsoft is often a popular choice for phishing campaigns, with users a regular target for hackers.
Most recently, security researchers uncovered a phishing scam utilising fake email alerts that spoof Microsoft Teams file share and audio chat notifications, with as many as 50,000 emails detected.
Via BleepingComputer
