If you’re like most people, you probably use Outlook to keep in touch with friends and family. But what if someone tries to spoof your contact information? Here’s how to keep that from happening.


Phishing attacks are one of the oldest ways for malicious individuals to steal information, and an old-school phishing method has found its way into Outlook. Using characters from different alphabets, people can make victims believe spoofed emails are from genuine contacts, as reported by Ars Technica.

Fortunately, Outlook has received an update that fixes the problem, according to Mike Manzotti from Dionach. Make sure to get the latest version, so you don’t fall victim to these phishing attacks.

Essentially, phishers are getting Microsoft Office to show a real person’s contact information even though the emails come from spoofed Internationalized Domain Names (IDNs). The spoof works by using characters from other alphabets, such as Cyrillic, that look just like letters in the Latin alphabet.

Information security professional and pentester Dobby1Kenobi did some testing and found that it was pretty easy to trick the system before the update was issued. It’s interesting how similar the characters look, and if you aren’t paying attention, it’s easy to see how someone could fall for it.

In a blog post, Dobby1Kenobi said the following:

When working correctly, using domains outside of the actual organization wouldn’t show the address book entry for the person being spoofed, but with this bug, it would look like the email was coming from the person.

Microsoft investigated the case, and initially, it sounded like the company wasn’t going to fix the problem:

However, as mentioned, Microsoft did update Outlook to fix the problem. As always, let this serve as a reminder to be aware of who emails are coming from and to verify that an email is actually from who you think it is before you click any links. Also, make sure to keep your important apps up to date so that you have the latest security updates.
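
The lookalike-domain check described above can also be done mechanically on the receiving side. The following Python sketch is an added example, not code from the original article, the researchers, or Microsoft's fix; the function names, the small confusables map, and the `contoso.example` and `fabrikam.example` sample domains are constructed for illustration.

```python
import unicodedata

# Constructed subset of Cyrillic letters that render like Latin ones; a real
# deployment would use the full Unicode confusables data (UTS #39).
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0455": "s", "\u0458": "j"}

def to_unicode(domain):
    """Decode punycode (xn--) labels so the check sees the rendered form."""
    try:
        return domain.encode("ascii").decode("idna").lower()
    except UnicodeError:
        return domain.lower()   # already Unicode, or not valid IDNA

def scripts(domain):
    """Scripts of the letters in a domain, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in domain if ch.isalpha()}

def skeleton(domain):
    """Fold known lookalike letters to their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def classify_sender(sender, contact_domains):
    """Return 'known', 'lookalike' or 'unknown' for a sender address."""
    domain = to_unicode(sender.rsplit("@", 1)[-1])
    known = {to_unicode(d) for d in contact_domains}
    if domain in known:
        return "known"
    if skeleton(domain) in {skeleton(d) for d in known}:
        return "lookalike"      # renders like a contact's domain but is not it
    return "unknown"

# Constructed sample data: one address-book domain and three senders.
CONTACT_DOMAINS = ["contoso.example"]
SAMPLES = ["alice@contoso.example",
           "alice@\u0441\u043entoso.example",   # Cyrillic es and o, then Latin
           "bob@fabrikam.example"]

if __name__ == "__main__":
    for s in SAMPLES:
        d = to_unicode(s.rsplit("@", 1)[-1])
        print(f"{s!r:45} {classify_sender(s, CONTACT_DOMAINS):10} {sorted(scripts(d))}")
```

A sender classified as `lookalike` should never be resolved to the matching address-book entry, and a domain whose letters come from more than one script is worth flagging on its own.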