Microsoft is aware that cybercriminals are targeting Office 365 customers with phishing emails in which the hacker pretends to be Microsoft. To combat this scheme, Microsoft flags any illegitimate emails containing “Apple” or “Microsoft.”

Smart.

But the bad guys aren’t just lying down and taking the defense.

According to Avanan, a cloud security company, the criminals are sending out new phishing emails using the aptly named ZeroFont technique, in which the attacker sets email content to a zero-size font. To the user, nothing seems amiss in the emails, and Microsoft is unable to flag the email because it is unable to read the word “Microsoft.”
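A defender can catch this mismatch by comparing the text a filter reads with the text a reader sees. The sketch below is an added example, not code from Avanan or Microsoft; it assumes the zero-size text is inserted inside the brand name via inline `style` attributes, and the function names and sample bodies are constructed for illustration.

```python
import re
from html.parser import HTMLParser

BRANDS = ("microsoft", "apple")  # the two names the article says are flagged
# Matches font-size:0, 0px, 0pt, 0em, 0% ... but not 0.5em or 10px.
ZERO_FONT = re.compile(r"font-size\s*:\s*0+(?:\.0+)?\s*(?:px|pt|em|rem|%)?\s*(?:;|!|$)", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "input", "link", "wbr"}

class ZeroFontScanner(HTMLParser):
    """Splits text nodes into what a reader sees and what a zero-size font hides."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []  # per open element: inside a zero-font region?
        self.raw, self.visible, self.hidden = [], [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        # Simplification: a zero-size font is treated as inherited by all descendants.
        inherited = bool(self.stack and self.stack[-1])
        self.stack.append(inherited or bool(ZERO_FONT.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        self.raw.append(data)
        (self.hidden if self.stack and self.stack[-1] else self.visible).append(data)

def scan(html):
    """Count hidden characters and list brands readable only once hidden text is dropped."""
    p = ZeroFontScanner()
    p.feed(html)
    p.close()
    raw, visible = "".join(p.raw).lower(), "".join(p.visible).lower()
    masked = [b for b in BRANDS if b in visible and b not in raw]
    return {"hidden_chars": len("".join(p.hidden)), "masked_brands": masked}

# Constructed sample bodies (not taken from a real message).
SUSPECT = ('<p>Your <span>Mic<span style="font-size:0">xkq</span>ros'
           '<span style="FONT-SIZE: 0px">zzp</span>oft</span> password expires today.</p>')
BENIGN = '<p>Your Microsoft invoice is attached. <span style="font-size:10px">Terms apply.</span></p>'

if __name__ == "__main__":
    print(scan(SUSPECT))  # brand is readable only after zero-font text is removed
    print(scan(BENIGN))
```

A non-empty `masked_brands` is the signal worth alerting on; zero-size text alone also appears in legitimate marketing mail, so `hidden_chars` is supporting context only.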

Additionally, hackers began splitting malicious URLs in an effort to circumvent Office 365’s Safe Links Security feature.

“Where there is a will, there’s a way.”  This applies to the good guys and the bad guys.  Remember not to click on any link that seems suspicious, and be sure to inspect the sender before opening any email.
