Attackers Use Fake OAuth Apps to Breach Microsoft 365 Accounts
Cybersecurity researchers have uncovered a dangerous scam where hackers are pretending to be well-known companies in order to steal people’s information and take over their Microsoft 365 accounts. These hackers are using fake apps that look like legitimate Microsoft apps, tricking users into giving them access to their accounts. The scam works by sending fake emails that seem to come from companies like Adobe, SharePoint, and DocuSign. These emails include links that seem like normal business requests, such as asking for quotes or signing agreements. However, clicking on these links takes the person to a fake page that looks like the real Microsoft login page.
Once on the fake page, the hacker’s app asks for permission to view a person’s basic profile and other information. Even though this permission seems harmless, it allows the attackers to move forward with the scam. After accepting or denying the request, the person is taken to another page that asks them to solve a CAPTCHA to prove they’re human. Once they do that, they’re redirected to another fake login page. This is where the hackers steal the person’s login details, including their email and password. What’s worse, the hackers can also bypass security checks like multi-factor authentication (MFA), which is designed to protect people from having their accounts taken over.
This scam has appeared in several variants, with the attackers also sending fake emails from companies like Adobe to trick users. These emails were delivered through a service called Twilio SendGrid, which is normally used for legitimate marketing. The goal is always the same: to get people to grant access to their accounts or click links that lead to more phishing pages. Since the start of 2025, researchers have seen over 3,000 accounts from more than 900 organizations targeted in these attacks. This shows that the problem is growing and that the attacks are becoming more sophisticated.
Microsoft has been working on security updates to help prevent these kinds of attacks. They plan to block older, less secure ways of logging in and will also require companies to approve third-party apps before they can access their accounts. These updates are expected to be finished by August 2025, which should make it harder for hackers to use this kind of scam. Microsoft is also planning to improve the security of Excel files by blocking certain types of links, starting in October 2025.
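The consent-based flow described above and the admin-approval change Microsoft has planned suggest a simple triage check a defender can run over consent grants. The following is an added example, not code from the article or from Microsoft; the record layout and the sample grants are constructed for illustration and are not a real Entra ID audit-log schema.

```python
# Added example (not from the article or Microsoft): triage of OAuth consent grants for
# look-alike third-party apps. Field names and sample data are constructed assumptions.
from dataclasses import dataclass

# Brands the article says are impersonated, mapped to the domain a genuine publisher
# would use (assumed mapping for this illustration).
IMPERSONATED_BRANDS = {"adobe": "adobe.com", "sharepoint": "microsoft.com", "docusign": "docusign.com"}

@dataclass(frozen=True)
class ConsentGrant:
    app_name: str             # display name shown on the consent prompt
    publisher_domain: str     # domain the app registration claims
    publisher_verified: bool  # whether the publisher passed verification
    scopes: tuple             # delegated permissions requested (basic profile in the article)
    admin_consented: bool     # True if an admin approved it, False if an end user did

def risk_reasons(grant: ConsentGrant) -> list:
    """Return human-readable reasons a grant looks like consent phishing (empty = clean)."""
    reasons = []
    name = grant.app_name.lower()
    for brand, real_domain in IMPERSONATED_BRANDS.items():
        # A brand name in the app title from a publisher that does not own that brand's domain.
        if brand in name and not grant.publisher_domain.endswith(real_domain):
            reasons.append(f"name mimics {brand} but publisher domain is {grant.publisher_domain}")
    if not grant.publisher_verified and not grant.admin_consented:
        # The gap the article says Microsoft intends to close: users approving unverified apps.
        reasons.append("end user consented to an unverified publisher")
    return reasons

def triage(grants) -> dict:
    """Map app name -> reasons for every grant that raised at least one flag."""
    return {g.app_name: r for g in grants if (r := risk_reasons(g))}

# Constructed sample records (not real tenants, apps or publishers).
SAMPLE_GRANTS = [
    ConsentGrant("Adobe Document Cloud", "adobe.com", True, ("User.Read", "openid"), True),
    ConsentGrant("Adobe Sign Request", "quote-portal.example", False, ("User.Read", "openid", "profile"), False),
    ConsentGrant("DocuSign Agreements", "docs-sign.example", False, ("User.Read",), False),
    ConsentGrant("Expense Tracker", "tools.example", False, ("User.Read",), True),
]

if __name__ == "__main__":
    for app, reasons in triage(SAMPLE_GRANTS).items():
        print(app, "->", "; ".join(reasons))
```

The check only flags grants; a real review would still confirm each flagged app against the tenant's approved-app list before revoking it.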
In addition to these attacks on Microsoft 365, other scams are running at the same time. For example, hackers are sending fake emails that look like payment receipts. These emails contain links that install malicious software, such as a keylogger that records everything the victim types. Another scam uses links to Remote Monitoring and Management (RMM) tools disguised as ordinary PDFs, such as invoices or contracts. Once clicked, these links install programs that let the hackers take control of the infected computer. These tools are often used to prepare for bigger attacks, such as ransomware, which can lock people out of their files and demand a ransom for their release.
Overall, it’s clear that hackers are becoming more inventive in how they target people and steal their information. While Microsoft is working on security updates to protect users, it’s still very important for people to be careful about clicking on suspicious links, especially in emails that ask for login details or personal information. Being cautious can help avoid falling for these types of scams.