Microsoft users are receiving phishing emails fraudulently claiming to be from mail couriers FedEx and DHL Express. However, malicious links within the message steal credentials from victims. The recent attacks targeted at least 10,000 Microsoft users, according to the tech giant. The scams used phishing pages hosted on legitimate domains such as Quip and Google Firebase, allowing the emails to slip by Microsoft’s security filters.
According to researchers with Armorblox, the emails appear to be fraudulent to the target as the email titles, sender names, and content are not convincing enough. However, emails informing recipients of scanned documents or missing deliveries will typically cause users to take action without studying the text for inconsistencies.
Read More: 10K Microsoft Email Users Hit in FedEx Phishing Attack