The popular Office 365 app Microsoft Outlook comes with a set of productivity tools, but recent studies show that hackers might use them to send spoofed emails.
In a research article, experts outline how hackers can use the productivity capabilities of Microsoft’s email service to deliver spoofed emails to a specific end user.
To complicate things further, the Office 365 app collects and shows the spoofed user’s valid Active Directory credentials, giving the bogus emails an air of credibility.
According to the cybersecurity firm’s investigators, hackers have started using Outlook’s productivity tools in a new social engineering campaign to deliver supposedly valid emails to intended users, relying on Microsoft’s Outlook to make the messages look more believable.
All a hacker needs to do to turn Outlook’s productivity capabilities on unsuspecting people is send a spoofed email. If they also have their own private server and can construct an email that appears to have come from some other sender, they may conduct a domain impersonation attack.
If this spoofed email gets past security barriers, as is commonly the case with most domain impersonations, Microsoft’s email client will display it as a valid email from the spoofed person, complete with images, folders shared between users, valid email addresses, and contact information from their Active Directory.
According to the experts, Microsoft Outlook does not perform email verification such as SPF or DKIM checks. As a consequence, if a spoofed email reaches a user’s inbox, Outlook assists the hacker by showing accurate Active Directory information. Spoofing is made even simpler for the hacker because Microsoft does not require authentication before changing a user’s image in an email and will show all of a user’s contact details even when the sender fails SPF.
To avoid being harmed by attacks based on this security flaw, researchers advise security professionals to make sure that their company has layered security in front of the inbox, to use an email security solution that analyses files and links and measures domain risk, and to defend all apps that communicate with Active Directory, such as Microsoft Teams and SharePoint.
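
Because the client itself does not act on SPF or DKIM results, a pre-inbox layer can make that decision before the message is rendered with Active Directory details. The following is an added example, not part of the original article or the researchers' work: it flags messages whose `From:` claims an internal domain while the gateway's `Authentication-Results` header does not show a DMARC pass. The domain `example.com`, the gateway name `mx.example.com` and the sample messages are constructed assumptions.

```python
import email
import re
from email.utils import parseaddr

# Assumptions for this example: replace with your organisation's values.
INTERNAL_DOMAINS = {"example.com"}
TRUSTED_AUTHSERV = "mx.example.com"  # only headers stamped by this gateway count

RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", re.I)

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts from the trusted gateway's header only."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can inject its own header; ignore it
        for method, result in RESULT_RE.findall(rest):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def is_suspect_internal_spoof(raw):
    """True when From: claims an internal domain without a DMARC pass."""
    msg = email.message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in INTERNAL_DOMAINS:
        return False  # external senders are out of scope for this check
    # DMARC pass means SPF or DKIM passed and aligned with the From: domain.
    # A missing verdict fails closed and is treated as suspect.
    return auth_results(msg).get("dmarc") != "pass"

def sample(auth, sender):
    """Build a constructed test message (not real traffic)."""
    return f"Authentication-Results: {auth}\nFrom: {sender}\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    spoofed = sample(
        "mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; "
        "dmarc=fail header.from=example.com",
        "Alice <alice@example.com>",
    )
    print("quarantine" if is_suspect_internal_spoof(spoofed) else "deliver")
```

A message flagged this way can be quarantined or tagged at the gateway so it never reaches the client that would decorate it with the impersonated user's directory details.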