Microsoft is spoofing email of a Massachusetts family-run business?

One of our consultants, Bob McKay, recently discovered what is a bizarre and absurd mistake by Microsoft in the Microsoft 365 Defender platform. When configuring training phishing simulations in the Attack simulation training of Microsoft 365 Defender, he opted to use the built in training functionality so that users who were ‘successfully’ phished would be…

Read more

Browser in the Browser (BitB) attack: Visually perfect phishing

Criminals are constantly coming up with novel techniques to launch attacks and there’s a new phishing technique available to them that’s a terrifyingly convincing.  Users have been told for years to double check domain names, look for padlocks to confirm encryption is enabled and that using SSO (Single-Sign On) services is a good thing –…

Read more