1. Forum
  2. tqwNet
  3. TQW GENTECH

  • 'Phishing campaigns continue to improve sophistication and refine

    From TechnologyDaily@1337:1/100 to All on Tuesday, May 05, 2026 18:15:26
    'Phishing campaigns continue to improve sophistication and refinement': Microsoft flags major 'sophisticated' phishing campaign targeting 35,000
    users across 26 countries

    Date:
    Tue, 05 May 2026 17:05:00 +0000

    Description:
    The goal is to steal Microsoft credentials and bypass MFA, the company says.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Microsoft says a large phishing wave targeted over 35,000 users across 13,000 companies, mostly in the US Polished enterprisestyle emails with urgent prompts were used to bypass security checks Victims were funneled through PDFs and CAPTCHAs to harvest Microsoft credentials in real time Microsoft has warned about a large-scale phishing email campaign against primarily US-based organizations.

    In a new in-depth report Microsoft said it observed a new campaign between April 14 and 16 2026 targeting more than 35,000 users in 13,000 companies. While the campaign affected 26 countries, more than nine in ten emails (92%) went to US-based organizations. Firms in the healthcare and life sciences vertical were most affected (19%), followed by financial services (18%), professional services (11%), and technology and software (11%). Article continues below You may like Microsoft phishing threat report shows 146%
    surge in quishing This devious VENOM phishing campaign targets business executives by name so watch what you click on Microsoft warns of OAuth phishing campaigns able to bypass email and browser defenses - says 'these campaigns demonstrate that this abuse is operational, not theoretical' PDFs and tokens "The lures in this campaign used polished, enterprise-style HTML templates with structured layouts and preemptive authenticity statements, making them appear more credible than typical phishing emails and increasing their plausibility as legitimate internal communications," Microsoft
    explained in the advisory.

    "Because the messages contained accusations and repeated time-bound action prompts, the campaign created a sense of urgency and pressure to act."

    In these emails, the threat actors assumed different identities, such as Internal Regulatory COC, Workforce Communications, or Team Conduct Report.
    The emails themselves were themed around internal case logs, different reminders, and warnings about non-compliance.

    "At the top of each message, a notice stated that the message had been
    'issued through an authorized internal channel' and that links and
    attachments had been 'reviewed and approved for secure access,' reinforcing the email's purported legitimacy," Microsoft further added. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
    all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    The crooks were apparently sending these emails from legitimate services, bypassing traditional protections such as SPF, DKIM, and DMARC. They were
    also distributing PDF attachments through which they were redirecting victims to malicious landing pages.

    People who would open the PDF files and click on the links inside would first be redirected through multiple CAPTCHAs, to create a false sense of legitimacy, and to filter out any bots or otherwise automated scanning activities.

    The final step is to harvest Microsoft credentials and tokens in real-time
    and thus work around multi-factor authentication (MFA). The best antivirus
    for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/phishing-campaigns-continue-to-improve- sophistication-and-refinement-microsoft-flags-major-sophisticated-phishing-cam paign-targeting-35-000-users-across-26-countries


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)