A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.

  • @[email protected]
    link
    fedilink
    English
    7
    edit-2
    5 months ago

    The bug, according to Kokorin, only works when sending the email to Outlook accounts.

    Sounds like it’s something client side or specific to Microsoft’s o365/outlook.com servers. Could be the exploit bypasses header verdicts for SPF/dkim/dmarc