In this likely AI-generated phishing attack, cybercriminals impersonate Microsoft and send an email claiming to address a critical issue with the recipient’s email delivery system. Using the subject line "Microsoft Account Critical Update," the email falsely states that a system error has caused legitimate emails to be incorrectly routed to spam folders. The message informs the recipient the issue has been resolved but instructs them to use the provided link to update their Microsoft account to ensure they can continue to use their account without further interruption. However, should the target click the button labeled “Update Account Now”, they will be redirected to a malicious website crafted to steal sensitive information such as login credentials or personal data. By mimicking official Microsoft service alerts and highlighting a problem that impacts email functionality, the attackers create a sense of urgency and authenticity that makes their message more convincing.


Legacy email security tools struggle to identify this email as an attack because it originates from a spoofed email address, uses legitimate-looking links inside the message, and contains no attachments. Modern AI-powered email security solutions detect the suspicious links in the email, identify the mismatch between the sender name and sender domain, and recognize that the sending domain does not match any of the domains in the body links, allowing them to correctly flag this email as an attack.


Phishing attack claiming to be critical update from Microsoft

How Does This Attack Bypass Email Defenses?

This email attack bypasses traditional security solutions for multiple reasons, including the following:

  • Spoofed Email Address: The attacker spoofs a legitimate-sounding email address, bypassing basic email verification checks and adding perceived authenticity.
  • Legitimate Links Included: The email includes links associated with recognizable domains, which can pass basic link verification checks because of their legitimate structure.
  • Lack of Attachments: By not including any attachments, the email avoids detection by antivirus and anti-malware systems focused on attachment-based threats.

How Did Abnormal Detect This Attack?

This attack was detected using AI and ML by analyzing various factors, including the following:

  • Suspicious Link Analysis: Abnormal's systems scrutinize the presence of links leading to suspicious domains, triggering deeper analysis for possible malicious intent.
  • Sender Name and Domain Mismatch: The sender name does not match the sender domain, raising further suspicion during Abnormal’s analysis.
  • Unusual Sending Behavior: The sender domain does not match any of the domains found in the body links, raising suspicion.
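The two structural signals listed above (sender name versus sender domain, and sender domain versus the domains linked in the body), together with the "no attachments" point from the bypass section, can be checked with nothing more than the Python standard library. The script below is an added illustration written for this page; it is not Abnormal's detection code, and the two sample messages, the domains in them, and the `analyze` / `is_suspicious` function names are constructed for the example. The registrable-domain logic is a deliberate simplification (last two labels, no public-suffix list).

```python
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample resembling the lure described above (not the real message).
PHISH_EMAIL = b"""\
From: "Microsoft Account Team" <alerts@mail-delivery-notice.example>
To: user@victim.example
Subject: Microsoft Account Critical Update
Content-Type: text/html; charset="utf-8"

<html><body>
<p>A system error routed legitimate mail to your spam folder. The issue is resolved.</p>
<p><a href="https://account-verify.example/login">Update Account Now</a></p>
<p><a href="https://www.microsoft.com/support">Help</a></p>
</body></html>
"""

# Constructed benign message: display name and links agree with the sender domain.
BENIGN_EMAIL = b"""\
From: "Contoso Billing" <billing@contoso.example>
To: user@victim.example
Subject: Your invoice is ready
Content-Type: text/html; charset="utf-8"

<html><body><p><a href="https://contoso.example/invoices/42">View invoice</a></p></body></html>
"""


class _LinkExtractor(HTMLParser):
    """Collects href values from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def registrable_domain(host):
    # Simplification: take the last two labels as the registrable domain.
    # A production check would consult the public-suffix list (e.g. co.uk).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def extract_links(msg):
    extractor = _LinkExtractor()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            extractor.feed(part.get_content())
    return extractor.hrefs


def analyze(raw):
    """Return the sender/link facts and the list of indicators that fired."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    display_name, address = parseaddr(str(msg["From"]))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    sender_reg = registrable_domain(sender_domain)

    links = extract_links(msg)
    link_regs = {registrable_domain(urlparse(u).hostname or "") for u in links}
    link_regs.discard("")

    indicators = []
    # Sender name vs sender domain: does any word of the display name appear
    # as a label of the sending domain? ("Microsoft ..." sent from a non-Microsoft domain)
    name_tokens = set(re.findall(r"[a-z0-9]+", display_name.lower()))
    domain_labels = set(sender_domain.split("."))
    if name_tokens and not (name_tokens & domain_labels):
        indicators.append("sender_name_domain_mismatch")
    # Sender domain vs body links: a legitimate service alert normally links
    # back to the domain it was sent from.
    if link_regs and sender_reg not in link_regs:
        indicators.append("sender_domain_not_in_links")

    has_attachment = any(p.get_content_disposition() == "attachment" for p in msg.walk())
    return {
        "sender_domain": sender_domain,
        "link_domains": sorted(link_regs),
        "has_attachment": has_attachment,
        "indicators": indicators,
    }


def is_suspicious(raw):
    return len(analyze(raw)["indicators"]) > 0


if __name__ == "__main__":
    for label, sample in (("phish", PHISH_EMAIL), ("benign", BENIGN_EMAIL)):
        print(label, analyze(sample))
```

The attachment flag is reported but not scored: as the bypass section notes, a link-only message is exactly what attachment-focused scanners miss, so its absence is context rather than evidence. Either mismatch on its own is only a hint; both together on a message that also impersonates a brand in the display name is the combination the page describes.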

By recognizing established normal behavior and detecting these abnormal indicators, a modern email security solution has the ability to prevent this attack from reaching inboxes.

Please note the exact detection mechanism from Abnormal Security's system might include proprietary techniques and methodologies not disclosed here.

Analysis Overview

Vector: Link-based
Goal: Credential Theft
Tactic: Spoofed Email Address, Spoofed Display Name, Masked Phishing Link
Theme: Account Update, Security Update
Impersonated Party: Brand
Impersonated Brands: Microsoft
AI Generated: Likely
