A sextortion scam gained widespread media coverage over the past week. In news reports, Microsoft 365 users were warned to look out for email notifications that exploit a vulnerability in the Microsoft 365 Admin Portal. By sending the messages as notifications from the Microsoft 365 Message Centre (that come from ‘o365mc(at)Microsoft(dot)com’), the emails are treated as safe by some email security services including Microsoft 365.
The scam highlighted the vulnerability of those businesses that are over-reliant on a native security stack like Microsoft 365. While it stands to reason that Microsoft interprets its own messages and notifications as safe, in this instance that meant the company did not challenge other attributes of the emails as they were inbound to Microsoft 365 customer inboxes.
By contrast, MailGuard’s advanced, proprietary filter network, operating as a third party, treats all emails equally, and in this instance it stopped the scam. Scanning the entirety of the emails’ contents, including a myriad of characteristics and attributes, the MailGuard network correctly identified the emails as a scam despite their origin.
Here’s an example of one of the emails below:
Sextortion scams are not new; however, this technique caught Admins and email users off guard, with a spate of new attacks reported as bypassing security measures and reaching inboxes. Users took to Microsoft forums and social media to share their concerns, and no doubt many also directed questions to their IT & security partners.
MailGuard’s security engineers remarked that the scam was particularly pervasive due to its simplicity. Scammers seemed to have access to a database of compromised user email addresses, names and dates of birth, whose entries were being targeted. Our team speculated that a tool was likely created to automate the sending of the campaign, either via a Microsoft tenancy established solely for the purposes of the scam or from a compromised account, exploiting the Microsoft 365 Message Centre vulnerability.
The apparent success of the scam demonstrated how important it is for businesses to employ an additional layer of specialist email security, like MailGuard, to enhance their native Microsoft 365 security. Similarly, other recent scam examples highlight the need for enhanced email security to bolster a Microsoft 365 security stack.
In June last year, MailGuard first alerted customers to ‘zero zero-day’ emails from a compromised Office 365 account that used QR codes, a new technique at the time, to bypass email filtering services that were over-reliant on scanning for malicious URLs and links. Including the QR code as an image in an email was an emerging tactic to side-step email security trip wires.
An example of one such email emanating from a compromised Office 365 account in June 2023 is shown below.
MailGuard is a leader in the detection of advanced 'zero zero-day' email attacks, and by employing a holistic approach to scanning all email attributes and characteristics, based on more than 23 years of proprietary email security IP, its filter network was able to accurately identify and stop the threats from reaching users.
The following month, Microsoft published its own advisory to alert customers to the dangers of the QR code threats; however, it wasn’t until December that the company officially announced that it had implemented changes to Microsoft Defender in order to effectively identify and stop QR code based email threats from reaching end-user customers.
So, while there is enormous value in Microsoft 365 and Defender for businesses, these examples highlight the need for a specialist third-party solution like MailGuard to enhance the security of user mailboxes.
Keeping Businesses Safe and Secure
Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.
No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk, for example a specialist third-party cloud email solution like MailGuard.
MailGuard is a global specialist in 'zero zero-day' email security, and our advanced, proprietary filter network employs real-time threat detection techniques to amplify our clients’ intelligence, knowledge, security and defence. Consider us Special Ops for when speed matters!
MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your customers today to ensure they’re prepared and get in touch with our team to discuss fortifying your customers’ cyber resilience.
Talk to us
MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.
Australian partners, please call us on 1300 30 65 10
US partners call 1888 848 2822
UK partners call 0 800 404 8993
We’re on Facebook, Twitter and LinkedIn.