Light Dark
May 20, 2020 By David Bisson 2 min read

Microsoft discovered numerous phishing campaigns in which malicious actors attempted to spoof its new Azure AD sign-in page.

Microsoft Security Intelligence said that the spoofing attempts against its new Azure AD sign-in page first appeared in its Office 365 Advanced Threat Protection (ATP) data on May 14. In one of the operations disclosed by Microsoft that same day, malicious actors sent out attack emails with the subject line, “Business Document Received.” The messages attempted to trick recipients into clicking on what appeared to be a OneDrive document. In reality, the attachment was a PDF document that redirected recipients to a phishing site designed to look like Microsoft’s newly redesigned sign-in page.

Leveraging dozens of phishing sites, the campaign described above and others like it arrived approximately three months after the tech giant announced an update to its sign-in page. That change boiled down to visual user interface (UI) modification of the page’s background image so that the sign-in process would consume less bandwidth and load pages more quickly, as Microsoft explained at the time.

A Sign of Phishers’ Desire to Continually Adapt

The Azure AD spoofing campaigns described above represent just the latest attempt by phishers to adapt to changing times. Most commonly, this takes the form of digital fraudsters capitalizing on well-publicized disasters. Such was the case in 2010 when Forcepoint reported on scams surrounding an earthquake in Haiti. The same was true in October 2018 when Proofpoint uncovered phishing schemes leveraging Hurricane Michael as a lure. It’s therefore fitting that malicious actors are ramping up spam activity right now, as IBM Security revealed in a joint study with Morning Consult.

Defend Against Spoofed Azure AD Phishing Attacks

Security professionals can help their organizations defend against adaptive phishing attacks by building a robust security awareness training program. This type of initiative can help keep the workforce educated with regard to evolving phishing attacks and techniques. Additionally, infosec personnel should seek to balance these human controls with technical controls such as network segmentation and the implementation of a least privilege model.

 |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature