Accessibility links

Facebook   X   LinkedIn   Email

Microsoft’s Shares Info From Stolen Emails With Its Customers

July 29, 2024

In an unusual move, cyberattack victim Microsoft offers to share emails stolen from their corporate clients in a data breach. Microsoft says hijacked emails will be released to an organization’s administrators only after vigorous verification. The mega tech titan believes the Russian state-sponsored APT (advanced persistent threat group) known as Midnight Blizzard, aka Nobelium and many other names, is responsible for the attack and that the customers have a right to know what they got.

Six months after the breach, Microsoft (MS) says the attack isn’t due to a vulnerability on their part but instead the abuse of an employee’s credentials. The company’s decision to reveal their clients’ stolen emails is a commitment to “sharing information with our customers as our investigation continues.” In the wake of a cyberattack, many victims stay silent about breach details, much less share stolen information with others caught up in the breach.

Moving Forward

In a dedicated customer portal, and after a rigorous approach confirming a client is whom they say they are, MS sent emails welcoming administrators view their stolen emails. From a security perspective, knowing what sensitive information was compromised allows an organization to react with further protections. It’s a strategic opportunity most second-hand victims don’t have after a cyberattack, and administrators should take advantage of the opportunity.

With a breach on a tech giant like MS, organizations doing business with them should expect email phishing attacks. Armed with stolen email addresses and employee names, the likelihood of email phishing is a flashing red light. For those looking forward, a company with cyber-educated employees have a staff that can stop an attack before it starts. And since 91% of cyberattacks start with email phishing, an educated staffer can be an organization’s best defense. After all, if it can happen to MS, it can happen to anyone.

Phishing Phlags:

  • Generic greetings
  • Misspelled names and words
  • Typos
  • Poor quality graphics and images
  • Attachments of any type and unexpected links
  • A sense of urgency tries to provoke quick responses
  • An unknown or odd return email address

BOLO for These Most Dangerous Email Attachments

Scams & Phishing

BOLO for These Most Dangerous Email Attachments

Keeping a lookout for suspicious emails has become a daily consequence of our cyber lives. Phishing emails are notorious for having malicious attachments and opening them is a sure way to compromise your device and its data. These attachments are full of malware, ready and waiting to infect your system with a simple click. Make no mistake, any attachment in a questionable email can be dangerous. However, researchers at F-Secure found that some of this year’s biggest email spam campaigns used particular types of malicious attachments more than others. READ FULL STORY
Common Signs Of Phishing To Keep In Mind When Your Inbox Overflows

Scams & Phishing

Common Signs Of Phishing To Keep In Mind When Your Inbox Overflows

With email phishing, deciphering what’s real from what’s fake can be a challenge. Our inboxes are stuffed with emails fighting to get our attention and get us to take some action. But how to ferret-out what’s legitimate takes some cyber-smarts. Research shows email is the primary method of spreading 92% of all malware, and the U.S. is the target of 86% of all email phishing attacks. Whether at home or at work, email phishing is relentless, but being aware of characteristics they have in common can be a powerful tool. READ FULL STORY
Creative Hacking Underscores The Need For MFA

Your Security

Creative Hacking Underscores The Need For MFA

Attackers are getting more creative by the day. It's more important than ever before with so many bad actors out there to make all of your accounts ultra-secure. That means that using some method of multifactor authentication (MFA) is in order. Case in point: Recently, there was an elaborate scheme targeting unsuspecting users that would perhaps not have been victims, had MFA been enabled. The attackers sent spam email promoting fake sweepstakes where recipients were encouraged to put their credentials into a form. READ FULL STORY
Malware Downloads From Harmless Word Document

Scams & Phishing

Malware Downloads From Harmless Word Document

You have heard it over and over and likely, your reaction is “Yes, I know. Don’t enable macros in Microsoft documents or spreadsheets.” Well, don’t plug your ears or turn away, but you’re about to hear it again…only for a new reason. Some who have less than great intentions have figured out a way to get those macros enabled using a seemingly harmless Microsoft Word document (.doc). So now, even if you have them disabled by default, someone has found a way to get those enabled for you; like it or not. READ FULL STORY
How Using Your Browser’s Spell-Check Is “R-I-S-K-Y” For Your PII

Your Security

Video Icon How Using Your Browser’s Spell-Check Is “R-I-S-K-Y” For Your PII

No one wants to write an email or other document with spelling errors or bad grammar. That’s why using spell-check and other typing assistants have become so popular for business and personal use. But thanks to researchers at Otto-JavaScript (Otto-JS), they found using these helpful browser options sends your PII (personally identifiable information) to big tech companies like Google and Microsoft. No one wants to do that either, so continue reading to learn more about this previously unknown threat to PII. READ FULL STORY