Microsoft Unearths Large-Scale Phishing Operation Involving 300,000 Subdomains
Published on September 22, 2021
Microsoft Forms is part of the company’s Office 365 cloud service, used by people who want to create quizzes, polls, and surveys. As scammers leave nothing alone, this tool has been repeatedly abused by crooks who created forms that steal sensitive information from innocent and unsuspecting people. Microsoft decided it should finally do something about this, and has announced that it is rolling out automatic phishing detection to stop users from creating forms that steal sensitive user data.
No matter what the title of the form or survey may be, or how convincingly it poses as an innocuous feedback collector, Microsoft will be able to tell that something is wrong by detecting redirections to shady landing pages, password boxes, and more. To cover what the system won’t be able to detect on its own, Microsoft has also added the option for users to report an abusive phishing form, so the community’s response to this new cleaning effort will play a key role in its success.
The trend of abusing Microsoft Forms is currently at its peak, and had this move by Microsoft not come now, the problem would most likely have continued to grow into an increasingly damaging one. Although Microsoft maintains its own Spam Analysis and Phishing Analysis teams, so far they have been unable to detect all of the phishing forms created through Forms. This allowed the situation to get out of hand within just a year, with an impressive increase in the phishing attacks that took place on the platform. According to the company’s report, throughout 2018 approximately 470 billion malicious email messages were sent and received among users of Office 365. These messages concerned either phishing or malware attacks, with the former taking the lion’s share.
As the problem concerns the whole of Office 365, and not just the Forms application, Microsoft is also looking to implement additional protection against the malicious macros that are usually found in phishing or malware email attachments. If you want to learn more about how you can report spam or phishing messages to Microsoft, check out their official guide on the matter. In addition, don’t forget to read the security roadmap for Office 365 users, where crucial advice is laid out.