Microsoft has recently been sending out email notifications warning some customers of a data breach that might have impacted their personal information. However, the way the company did it drew heavy criticism, with some people saying Microsoft’s emails looked like spam at best – and phishing at worst.
Cybersecurity researcher (and former Microsoft employee) Kevin Beaumont took to LinkedIn recently to explain to his followers that they’re not being targeted with phishing, and that it was just Microsoft communicating poorly:
“Microsoft had a breach by Russia impacting customer data and didn’t follow the Microsoft 365 customer data breach process. The notifications aren’t in the portal, they emailed tenant admins instead.” Beaumont said. “The emails can go into spam — and tenant admin accounts are supposed to be secure breakglass accounts without email. They also haven’t informed orgs via account managers. You want to check all emails going back to June. It is widespread.”
Scanning the url
One of the key issues, TechCrunch noted, is that Microsoft added a “secure link” to the email – which leads to a domain seemingly unrelated to Microsoft: “purviewcustomer.powerappsportals.com.”
“Basically, the critical alert looks like a phishing attack,” one of the recipients said on X.
Many of the people receiving this email thought the same, TechCrunch further suggests, since the link got submitted to urlscan.io “more than a hundred times.” URL Scan is a service that can tell if a website is malicious or not.
What’s more, Microsoft’s support portal has a few posts where customers were looking for clarification if the emails they’re getting are legitimate or not.
“This email has several red flags for me, the request for the TenantID and essentially admin or high level email addresses, the powerapps page being barebones, and some quick Googling not finding anything related to the title of this email or it’s [sic] contents,” one person wrote. “Can anyone confirm this is a legit Microsoft email request?”
More from TechRadar Pro
https://cdn.mos.cms.futurecdn.net/CT482eMSRL8PagRtuBVYNd-1200-80.jpeg
Source link