Cybersecurity company Guardz is warning Microsoft 365 users about a new phishing scam backed by social engineering tactics making the rounds. This isn’t an average scam as attackers trick people into calling fake support numbers using Microsoft 365 infrastructure, putting their login details and accounts at risk.

How the Attack Works

Unlike typical phishing attempts using typosquatted domains, fake or misspelled email addresses, this campaign operates from within Microsoft’s cloud services. This makes the phishing attempts look convincing, easily bypassing email authentication checks like SPF, DKIM, and DMARC.

The attack also utilizes legitimate Microsoft domains (onmicrosoft.com)and manipulates tenant settings. The scammers also set up multiple Microsoft 365 organization tenants, either by creating new ones or compromising existing accounts. Each tenant has a specific role within the attack framework, allowing the threat actors to operate with anonymity.

One of these fake organizations is used to trigger actions that look like normal business activity, such as starting a subscription. Another fake organization is given a name that includes a fake warning message and a phone number. For example, the organization’s name might appear as something like, “(Microsoft Corporation) Your subscription has been successfully purchased… If you did not authorize this transaction, please call .”

When the attackers trigger an action, like a subscription change, Microsoft 365 automatically sends out legitimate emails about it. Because of how the attackers set up their fake organizations, these official Microsoft emails can end up including the fake warning message and phone number in the sender’s information or organization details.

So, you might receive an email that looks like it’s really from Microsoft, confirming a purchase you didn’t make. The email itself is real in the sense that it came through Microsoft’s systems.

But the alarming message asking you to call a number to dispute the charge? That’s the scam. If someone calls the number, they’re connected with the attackers, who then try to steal sensitive information like passwords or trick them into installing malicious software.

Why This Scam Is Effective

This approach is effective for several reasons. Since the emails come from Microsoft’s legitimate systems, they often pass standard security checks that look for fake domains or suspicious links. The emails look official, complete with Microsoft branding. And the urgent message about an unauthorized charge can cause people to act quickly without thinking.

According to Guardz’s report shared with Hackread.com ahead of its publishing on Thursday, this attack is tricky to spot because it uses legitimate services for malicious purposes. Traditional email security measures that check sender reputations or look for fake links might miss this.

The Possible Impact

The implications of this phishing campaign could be significant. Businesses and individuals who fall victim can suffer from credential theft, financial loss, account takeovers or installing malware on their systems. The attack’s dependence on voice channels also makes it more challenging to detect and prevent, as fewer security controls exist in direct phone communications.

Protecting Yourself and Your Business

A few key steps can help prevent these scams. Be wary of unexpected emails about purchases or subscriptions, even if they appear to come from Microsoft. Never call phone numbers listed in emails if something feels off, always verify contact details on Microsoft’s official website.

Pay close attention to sender details; while an email might look legitimate, unusual organization names or urgent wording can be red flags. Also, be cautious of messages from unfamiliar “.onmicrosoft.com” domains. Most importantly, train yourself and your employees to recognize phishing tactics, especially those designed to create a sense of urgency around financial threats.

RELATED TOPICS

1. Fake Facebook Copyright Notices to Hijacking Accounts
2. Hackers Using Fake YouTube Links to Steal Login Credentials
3. PayPal Phishing Exploits MS365 Tools, Genuine-Looking Emails
4. Phishing Attacks Can Bypass Microsoft 365 Email Safety Warnings
5. Astaroth Phishing Kit Bypasses 2FA, Hijacks Gmail, Microsoft Emails

Symantec’s threat hunters have demonstrated how AI agents like OpenAI’s recently launched “Operator“ could be abused for cyberattacks. While AI agents are designed to boost productivity by automating routine tasks, Symantec’s research shows they could also execute complex attack sequences with minimal human input.

This is a big change from older AI models, which could only provide limited help in making harmful content. Symantec’s research came just a day after Tenable Research revealed that the AI chatbot DeepSeek R1 can be misused to generate code for keyloggers and ransomware.

In Symantec’s experiment, the researchers tested Operator’s capabilities by requesting it to:

• Obtain their email address
• Create a malicious PowerShell script
• Send a phishing email containing the script
• Find a specific employee within their organization

According to Symantec’s blog post, though the “Operator“ initially refused these tasks citing privacy concerns, researchers found that simply stating they had authorization was enough to bypass these ethical safeguards. The AI agent then successfully:

• Composed and sent a convincing phishing email
• Determined the email address through pattern analysis
• Located the target’s information through online searches
• Created a PowerShell script after researching online resources

Watch as it’s done:

J Stephen Kowski, Field CTO at SlashNext Email Security+, notes that this development requires organizations to strengthen their security measures: “Organizations need to implement robust security controls that assume AI will be used against them, including enhanced email filtering that detects AI-generated content, zero-trust access policies, and continuous security awareness training.”

While current AI agents’ capabilities may seem basic compared to skilled human attackers, their rapid evolution suggests more sophisticated attack scenarios could soon become reality. This might include automated network breaches, infrastructure setup, and prolonged system compromises – all with minimal human intervention.

This research shows that companies need to update their security strategies because AI tools designed to boost productivity can be misused for harmful purposes.

Cybersecurity tips to protect your cryptocurrency from hackers, scams, and fraud. Learn best practices for securing digital assets and staying safe online.

The cryptocurrency market is changing and growing daily, with new coins created weekly. While the broader market is struggling with weak demand and remains at a critical juncture, Cardano’s ADA is among the top-performing altcoins.

The 8^th largest cryptocurrency by market cap has made a breakout of the local support of $0.6638 and could test the $0.70 zone soon, according to U.Today. When discussing the bullish outlook for the ADA price prediction, it’s essential to understand that the Securities and Exchange Commission’s potential approval of Grayscale’s Cardano ETF filing can impact liquidity and trading volumes. 

Investors and traders aren’t the only ones interested in cryptocurrency. Hackers are thrilled with the idea of unregulated money, which opens new attack vectors and allows them to disappear, leaving no trace. ADA and other cryptocurrency transactions can’t be reversed, altered, or cancelled.

Once transactions have been written to the blockchain – in other words, confirmed – they become immutable. If threat actors get access to or transfer funds from a victim’s wallet, the money is lost forever. Neither transactions nor accounts are connected to real-world identities, so it’s easy for hackers to remain unidentified when they use cryptocurrency, 

Cyberattacks Are An Ever-Present Threat, And The Crypto World Is No Exception 

No threat facing the world has grown so fast, or in a way as difficult to understand, as the danger from cyberattacks. Investors and traders must understand that the inherent risk is increasing; cybercriminals are getting smarter, and their tactics are becoming more sophisticated. There are multiple types of cyberattacks where malicious actors take advantage of cryptocurrencies, such as: 

• Ransomware: When ransomware occurs in the crypto space, malware encrypts files containing the victim’s private keys or digital wallet, making them unreadable. The attacker demands a ransom to provide the encryption key. As a rule, hackers demand payment in the form of cryptocurrency. Infection methods include phishing emails, malicious websites, and compromised accounts. 

• DDoS extorsion: Threat actors blackmail crypto exchanges or blockchain networks by asking them to pay ADA or any other cryptocurrency to avoid their site or service being disrupted by a DDoS attack. The system may struggle to process transactions. Plus, legitimate users can’t connect to network resources.

• Crypto hijacking: The computing power of a compromised device is used to mine cryptocurrency without the owner’s knowledge (Also called cryptomining). Smartphones, servers, and computers are vulnerable to crypto hijacking. Applications may be able to access data and information from the device or other applications. Unlike malware, control is camouflaged in the background. 

We Suggest These Steps To Secure Your Cryptocurrency 

Transfer Crypto From A Centralized Exchange To A Self-Custody Wallet 

If you wish to own Cardano’s ADA, you can choose from among the many crypto exchanges that provide this service. Of course, you must give priority to the security features. Otherwise, you risk losing your hard-earned savings. Crypto exchanges are some of the most targeted in terms of cyberattacks, and while most attempts by hackers have been successfully mitigated, there have been several reports of damaging attacks. Find a reliable exchange with strong security measures and strong DDoS prevention tools. 

Better yet, withdraw your funds to a secure wallet to stay in control of your assets. Due to the difficulty of effectively implementing safety measures, crypto exchanges can’t fully guarantee protection. Whether they call it withdrawing, sending, or transferring, crypto exchanges let you move your funds to a wallet that is compatible with the asset you’re relocating.

A self-custody wallet puts you in complete control of your cryptocurrency, so you must take full responsibility for the security. Lock your account when not in use to make it harder for others to access your account. 

Keep Safe Backups Of Everything 

No matter what type of wallet you use, having a backup of your data ensures quick recovery and minimizes information loss. Go to your wallet’s settings and select the backup option or the export keys option; encrypt your backups to protect against unauthorized access. If you lose your wallet’s private keys, you’ve permanently lost your cryptocurrency. Keep multiple backups on different devices, such as USB drives and paper, which aren’t prone to failure. This way, you have alternate recovery paths. 

When Dealing With Unsolicited Messages, Be Careful 

One of the most prevalent social engineering techniques, phishing, involves sending deceptive messages that seem to be from legitimate sources. Don’t reply without investigating. Most importantly, never confront the sender of a phishing message yourself because it could result in you being targeted specifically. The sender doesn’t even know if your number is active.

Refrain from opening attachments or clicking on links from unidentified sources even if the sender seems familiar, as you can potentially infect your phone. A phishing link can direct you to a website containing malicious code. You can always use a free site like VirusTotal to scan for malicious files and links before executing/opening them.

Replying to unsolicited messages increases the chances of receiving more spam, so you should block the number. It requires a few adjustments in your settings. Android phones allow for freedom when it comes to customization, so the process will vary from device to device.

Many phones have built-in options to filter out messages from unknown senders or mark texts as spam. Be cautious when sharing your phone number online with unfamiliar organizations because it exposes you to other social engineering-based tactics, such as pretexting, quid pro quo, or vishing. 

In Closing 

Cyberattacks have become increasingly targeted and complex due to sophisticated pieces of malware. Individual users are more vulnerable than ever before since hackers have adapted their strategies to exploit weaknesses in smart contracts, wallets, and decentralized finance (DeFi) platforms. As such, it’s necessary to take personal responsibility and protect yourself. Acquire new skills, expand your knowledge, and, above all, shift your perspective.

Image credits: Free Vector | Realistic cardano coin illustration