

Ethical Hacking News

Misconfigured Email Routing: A Vulnerability of Unparalleled Proportions



A new vulnerability has been discovered in misconfigured email routing, allowing attackers to spoof internal emails and steal sensitive information from organizations. Microsoft warns of the increasing sophistication of phishing attacks targeting multiple industries, including financial scams and campaigns designed to look like internal communications.

  • Microsoft has warned of a vulnerability in email routing allowing attackers to spoof internal emails.
  • Phishing attacks are becoming increasingly sophisticated, targeting multiple industries with financial scams and campaigns disguised as internal communications.
  • Attackers use PhaaS platforms like Tycoon2FA to steal credentials and bypass MFA, making it difficult for recipients to distinguish between genuine and spoofed emails.
  • The use of proper DMARC reject and SPF hard-fail policies can block phishing attacks spoofing organizations' domains.



Microsoft has recently warned of a weakness in email routing that is allowing attackers to spoof internal emails and steal sensitive information from organizations. The threat, described as "misconfigured email routing enables internal-spoofed phishing," exploits complex routing scenarios and weak spoof protections to deliver phishing messages that appear to have been sent from inside the organization.

The report published by Microsoft highlights the increasing sophistication of phishing attacks targeting multiple industries, including financial scams and campaigns designed to look like internal communications. These phishing emails often use common themes such as HR notices, password resets, voicemails, or shared documents to trick victims into divulging sensitive information.

Attackers are leveraging PhaaS platforms like Tycoon2FA to steal credentials, bypassing MFA in some cases. They also employ tactics such as placing the same email address in both the "To" and "From" fields to appear legitimate, making it difficult for recipients to distinguish between genuine internal communications and spoofed emails.

In many cases, these phishing messages redirect users through legitimate-looking links to attacker-controlled sites, where they are presented with fake CAPTCHA pages designed to steal credentials. PhaaS platforms like Tycoon2FA let attackers take advantage of misconfigured third-party connectors, bypassing security measures and delivering phishing messages that appear to originate within the organization.

Microsoft has observed financial scams delivered through spoofed emails that appear to come from inside an organization. These messages are designed to look like ongoing email threads involving senior staff, often impersonating the CEO, the accounting department, or a supplier requesting payment.

To prevent these attacks, organizations must enforce strict DMARC reject and SPF hard-fail policies and properly configure third-party mail connectors. Microsoft has noted that tenants with MX records pointing directly to Office 365 are protected from this threat.

Proper spoof protection and connector configuration can block phishing attacks spoofing an organization's own domains. However, many campaigns continue to exploit complex email routing and weak spoof protections to send phishing emails that look like internal messages.
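The two controls the article names (a DMARC policy of p=reject and an SPF record ending in -all) and the "same address in To and From" tactic can all be checked mechanically. The following Python is an added example written for this page, not code from Microsoft or from the article; the domain example.com, the DNS records and the three message samples are constructed placeholders, and the Authentication-Results values imitate what a receiving mail server would stamp on a message. It parses the two DNS records to confirm they are enforcing, and then scores incoming messages that claim an internal sender but did not pass SPF or DMARC, or that address the sender to themselves.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organization's own domain (constructed placeholder).
INTERNAL_DOMAIN = "example.com"


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record ("v=DMARC1; p=reject; ...") into tag/value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_is_enforcing(record: str) -> bool:
    """True only for p=reject; p=none and p=quarantine do not block spoofed mail."""
    tags = parse_dmarc(record)
    return tags.get("v", "").upper() == "DMARC1" and tags.get("p", "").lower() == "reject"


def spf_is_hard_fail(record: str) -> bool:
    """True when the SPF record ends in -all (hard fail) rather than ~all or ?all."""
    mechanisms = record.split()
    return mechanisms[:1] == ["v=spf1"] and mechanisms[-1] == "-all"


def parse_auth_results(header_value: str) -> dict:
    """Pull the spf/dkim/dmarc verdicts out of an Authentication-Results header."""
    results = {}
    for method in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{method}=(\w+)", header_value)
        if match:
            results[method] = match.group(1).lower()
    return results


def assess_message(raw: str) -> list:
    """Return indicator names for a message whose From header claims the internal domain.

    Messages from other domains return an empty list: they are outside the
    internal-spoofing scenario this check is looking for.
    """
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    from_domain = from_addr.rsplit("@", 1)[-1].lower() if "@" in from_addr else ""
    findings = []
    if from_domain != INTERNAL_DOMAIN:
        return findings
    auth = parse_auth_results(msg.get("Authentication-Results", ""))
    if from_addr and from_addr.lower() == to_addr.lower():
        findings.append("from_equals_to")      # the To==From tactic from the article
    if auth.get("spf") != "pass":
        findings.append("spf_not_pass")        # internal sender, but SPF did not pass
    if auth.get("dmarc") != "pass":
        findings.append("dmarc_not_pass")      # internal sender, but DMARC did not pass
    return findings


# Constructed samples: a spoofed "HR" message routed through a third party,
# a genuine internal message, and an unrelated external message.
SPOOFED_SAMPLE = """\
From: "HR Department" <hr@example.com>
To: hr@example.com
Subject: Updated benefits policy - action required
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com

Please review the attached document.
"""

LEGIT_SAMPLE = """\
From: "Pat Lee" <pat.lee@example.com>
To: "Sam Park" <sam.park@example.com>
Subject: Q3 numbers
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Attached.
"""

EXTERNAL_SAMPLE = """\
From: newsletter@vendor.invalid
To: pat.lee@example.com
Subject: Monthly update
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=vendor.invalid; dkim=pass header.d=vendor.invalid; dmarc=pass header.from=vendor.invalid

Hello.
"""

if __name__ == "__main__":
    print("DMARC enforcing:", dmarc_is_enforcing("v=DMARC1; p=reject; rua=mailto:dmarc@example.com"))
    print("SPF hard fail:", spf_is_hard_fail("v=spf1 include:spf.protection.outlook.com -all"))
    for name, sample in (("spoofed", SPOOFED_SAMPLE), ("legit", LEGIT_SAMPLE), ("external", EXTERNAL_SAMPLE)):
        print(name, assess_message(sample))
```

The indicators are deliberately reported separately rather than collapsed into a single verdict: "from_equals_to" on its own is common in legitimate self-addressed mail, but combined with an SPF or DMARC failure on a message that claims the organization's own domain it matches the pattern the article describes. Note that the check reads the verdicts already stamped in Authentication-Results; it does not perform SPF or DMARC evaluation itself, so it depends on the receiving server having done that evaluation before a third-party connector rewrote the message.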



Related Information:
  • https://www.ethicalhackingnews.com/articles/Misconfigured-Email-Routing-A-Vulnerability-of-Unparalleled-Proportions-ehn.shtml

  • https://securityaffairs.com/186638/uncategorized/misconfigured-email-routing-enables-internal-spoofed-phishing.html

  • https://blog.barracuda.com/2025/06/11/everything-need-know-phishing-as-a-service

  • https://www.comparitech.com/blog/information-security/what-is-phaas/


Published: Wed Jan 7 09:04:19 2026 by llama3.2 3B Q4_K_M
© Ethical Hacking News. All rights reserved.