New Outlook bug lets phishing emails seem genuine


    Karlston

    A vulnerability in Microsoft Outlook tricks users into believing that phishing emails sent to them are genuine. The Address Book within Outlook shows a person's contact information for emails that are not genuine and come from Internationalized Domain Names (IDNs). IDNs can include letters from other scripts, such as Cyrillic, that look the same as letters of the Latin alphabet.

    These lookalike characters trick users into believing that the emails have come from genuine contacts. The vulnerability was discovered by "Dobby1Kenobi" (via Windows Central).

    I registered an email address that looked like my own organization email address and sent myself a test email to distinguish what factors in the email stood out as suspicious.


    This means if a company’s domain is 'somecompany[.]com', an attacker that registers an IDN such as 'ѕomecompany[.]com' (xn--omecompany-l2i[.]com) could take advantage of this bug and send convincing phishing emails to employees within 'somecompany.com' that used Microsoft Outlook for Windows.


    What differed between my organization domain and the phishing domain was a Cyrillic “s” at the start of the domain name.


    Mike Manzotti from Dionach.com also reported the bug. Even though Microsoft acknowledged the vulnerability, it said that it won't release a fix for it.


    Microsoft told Manzotti:


    We've finished going over your case, but in this instance it was decided that we will not be fixing this vulnerability in the current version and are closing this case. In this case, while spoofing could occur, the sender's identity cannot be trusted without a digital signature. The changes needed are likely to cause false positives and issues in other ways.


    However, it seems like Microsoft has in fact gone ahead and fixed it. According to Manzotti, Outlook version 16.0.14228.20216 does not have the vulnerability anymore. We recommend users update Outlook to the latest version, and beware of phishing scams like these.
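The 'ѕomecompany[.]com' / xn--omecompany-l2i[.]com pair quoted above, turned into a defender-side check that a mail gateway or SOC tooling could run on sender domains: it converts between the punycode form that travels in headers and the Unicode form the user sees, and flags a domain that only differs from the organization's own by confusable letters. This is an added Python example, not code from the article, Dobby1Kenobi or Dionach; the confusables table is a small constructed subset of Unicode's, and the function names and org_domain parameter are hypothetical.

```python
import unicodedata

# Constructed subset of Cyrillic and Greek letters that render like Latin
# ones; Unicode's full confusables table is far larger.
CONFUSABLES = {
    "\u0455": "s", "\u043e": "o", "\u0430": "a", "\u0435": "e", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j",
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
}

def to_unicode_domain(domain: str) -> str:
    """Decode xn-- A-labels back to U-labels so lookalike letters are visible."""
    labels = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def to_ascii_domain(domain: str) -> str:
    """Encode U-labels to the xn-- form that actually appears in SMTP headers."""
    labels = []
    for label in domain.lower().split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)

def scripts_in(label: str) -> set:
    """Script names (first word of each letter's Unicode name) used in a label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def skeleton(domain: str) -> str:
    """Map confusable letters to their Latin lookalikes for comparison."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in to_unicode_domain(domain))

def classify_sender(sender_domain: str, org_domain: str) -> str:
    """'ok' for the real domain; 'lookalike' when only confusable letters differ
    from org_domain; 'mixed-script' for other multi-script labels; else 'other'."""
    uni = to_unicode_domain(sender_domain)
    org = org_domain.lower()
    if uni == org:
        return "ok"
    if skeleton(uni) == skeleton(org):
        return "lookalike"
    if any(len(scripts_in(lbl)) > 1 for lbl in uni.split(".")):
        return "mixed-script"
    return "other"
```

Run over the Return-Path or From domain rather than the display name, since the display name is what Outlook's Address Book lookup makes look trustworthy here.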
