New Warning As Microsoft 365 Attack Can Bypass Email Security

Forbes - Mar 15th, 2025

A newly identified sophisticated phishing campaign is targeting Microsoft 365 users by exploiting legitimate Microsoft infrastructure to bypass traditional email security controls. This attack, confirmed by Guardz Research, embeds phishing lures within authentic Microsoft communications, making it difficult for both technical defenses and users to identify the threat. The attack leverages trusted Microsoft domains and misconfigurations in tenants to execute business email compromise attacks aimed at credential harvesting.

The significance of this attack lies in its ability to exploit inherent trust mechanisms within Microsoft's ecosystem, using native infrastructure to deliver phishing content that appears authentic. This approach allows attackers to evade detection methods like domain reputation analysis and anti-spoofing measures, posing a significant challenge for security teams. Users and organizations are advised to enhance phishing awareness and scrutinize communications from unfamiliar Microsoft domains, particularly those ending in .onmicrosoft.com, as part of mitigation efforts.

Story submitted by Fairstory

RATING

7.6
Fair Story
Consider it well-founded

The news story provides a detailed and largely accurate account of a sophisticated phishing attack targeting Microsoft 365 users. It benefits from expert commentary and technical explanations, enhancing its credibility and engagement potential. However, the article's reliance on a single source for much of its information and the lack of a response from Microsoft limit its balance and transparency. While the technical details are well-presented, simplifying some aspects could improve readability for a broader audience. The story's timeliness and public interest are strong, given the ongoing relevance of cybersecurity threats. Overall, the article effectively raises awareness of a significant issue, though it could be strengthened by incorporating a wider range of perspectives and additional source verification.

RATING DETAILS

8
Accuracy

The news story accurately describes a sophisticated phishing attack targeting Microsoft 365 users, leveraging legitimate Microsoft infrastructure to bypass traditional email security measures. The claim about the attack exploiting Microsoft domains and misconfigurations within tenants is supported by the detailed technical explanation provided by Ron Lev, a security researcher at Guardz Research. However, the story could benefit from further verification of specific technical details, such as the exact mechanisms by which tenant properties are manipulated and how these actions evade detection. The inclusion of a statement from Dor Eisner, CEO at Guardz, adds credibility to the claims. While the story is largely accurate, the absence of direct input from Microsoft or independent cybersecurity experts leaves some room for questioning the completeness of the evidence presented.

7
Balance

The article predominantly presents the perspective of cybersecurity experts from Guardz Research, highlighting their findings and recommendations. This focus provides a detailed technical insight into the attack but limits the range of perspectives. The absence of commentary from Microsoft or other independent cybersecurity experts creates a potential imbalance, as the story relies heavily on a single source for its narrative. While the article does not display overt favoritism, the lack of diverse viewpoints could lead to an incomplete understanding of the broader cybersecurity landscape related to this attack.

8
Clarity

The article is well-structured, with a logical flow that guides the reader through the complexities of the phishing attack. Technical terms are explained in a way that is accessible to readers with a basic understanding of cybersecurity. The use of direct quotes from experts adds clarity and authority to the narrative. However, the article could improve by simplifying some of the more technical aspects for a broader audience, ensuring that the complexity does not hinder comprehension.

8
Source quality

The primary source of information is Guardz Research, a credible entity in the cybersecurity field, with statements from Ron Lev and Dor Eisner lending authority to the claims. The article does a good job of attributing technical details to specific experts, enhancing its reliability. However, the story would benefit from corroborating evidence from additional sources, such as independent cybersecurity analysts or official statements from Microsoft, to further strengthen its credibility and address any potential conflicts of interest.

7
Transparency

The article provides a clear explanation of the phishing attack's methodology, outlining the five phases of the attack flow. It includes expert commentary, which helps in understanding the basis of the claims. However, the story lacks transparency regarding the methodology used by Guardz Research to uncover these threats, as well as any potential conflicts of interest. Additionally, the absence of Microsoft's perspective on the issue limits the transparency of the article, as it does not fully explore the potential implications or responses from all relevant parties.
