Microsoft 365 security bypassed by DHL-spoofing phishing attack

More than 10,000 email inboxes at a private education entity have been compromised by a new credential phishing campaign impersonating international shipping firm DHL to evade Microsoft 365 and Exchange Online Protection, SiliconAngle reports. Attackers have sent phishing emails titled "DHL Shipping Document/Invoice Receipt" with DHL branding that notifies recipients regarding the rerouting of a parcel and includes an attached document titled "Shipping Document Invoice Receipt," which lures recipients into providing their Microsoft login credentials prior to accessing the document, according to a report from Armorblox. "The email attack used language as the main attack vector in order to bypass both Microsoft Office 365 and EOP email security controls. These native email security layers are able to block mass spam and phishing campaigns and known malware and bad URLs. However, this targeted email attack bypassed Microsoft email security because it did not include any bad URLs or links and included an HTML file that included a malicious phishing form," said researchers.