Hackers are exploiting users with MS Outlook: report

Outlook does not require email authentication such as SPF or DKIM checks, indicating it prioritises productivity over security

December 11, 2021 07:14 pm | Updated 07:17 pm IST

Employing email security tools for scanning files and links, and ensuring the organisation has layered security can help mitigate risks while using Microsoft Outlook

Malicious actors are using social engineering tactics to exploit Microsoft Outlook’s vulnerability and send emails to users, making impersonators seem credible, according to security firm Avanan.

In one attack, a test spoof email bypassed Outlook’s security layers and even seemed like an authentic email from a legitimate user, alongside displaying the Active Directory address. This address contains photos, files shared between users, recipients’ email addresses and phone numbers.

Outlook does not require email authentication such as Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM) checks, indicating it prioritises productivity over security, Avanan said.

Spoofing is also made easier, because Microsoft does not require verification before updating the user image on an email, and it will display all contact data for a user, even if that user has an SPF fail, the firm added.

Employing email security tools for scanning files and links, and ensuring the organisation has layered security can help mitigate risks while using Microsoft Outlook, the security firm noted.
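
One form such a layered check can take at the mail gateway is to flag any message that claims an internal sender but has no SPF or DKIM pass for that same domain, so it can be quarantined or tagged before the client renders the sender's contact card. This is an added example, not code from Avanan, Microsoft or this report; the domain names, the gateway identifier and the sample messages are constructed assumptions, and alignment is checked by exact domain match only.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (constructed values, not from the article):
INTERNAL_DOMAINS = {"corp.example"}   # domains the organisation sends from
TRUSTED_AUTHSERV = "mx.corp.example"  # authserv-id stamped by our own gateway

_COMMENT = re.compile(r"\([^()]*\)")
_VERDICT = re.compile(r"^\s*(spf|dkim)\s*=\s*(\w+)", re.I)
_DOMAIN = re.compile(
    r"\b(?:smtp\.mailfrom|header\.d)\s*=\s*(?:[^\s;@]*@)?([\w.-]+)", re.I)

def aligned_passes(msg, from_domain):
    """Return the methods (spf/dkim) that passed for the From header's domain."""
    passed = set()
    for header in msg.get_all("Authentication-Results", []):
        clauses = _COMMENT.sub("", header).split(";")
        if clauses[0].split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # header not written by our gateway: do not trust it
        for clause in clauses[1:]:
            verdict, domain = _VERDICT.match(clause), _DOMAIN.search(clause)
            if (verdict and domain and verdict.group(2).lower() == "pass"
                    and domain.group(1).lower() == from_domain):
                passed.add(verdict.group(1).lower())
    return passed

def is_unauthenticated_internal(raw):
    """True when a message claims an internal sender but no aligned check passed."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_domain not in INTERNAL_DOMAINS:
        return False
    return not aligned_passes(msg, from_domain)

def sample(from_addr, results, authserv=TRUSTED_AUTHSERV):
    """Build a constructed test message carrying the given verdicts."""
    return (f"From: {from_addr}\nAuthentication-Results: {authserv}; {results}\n"
            "Subject: constructed sample\n\nbody\n")

SPOOFED = sample('"Alice" <alice@corp.example>',
                 "spf=fail (sender IP is 203.0.113.7) smtp.mailfrom=corp.example; "
                 "dkim=none (message not signed) header.d=none")
LEGIT = sample("alice@corp.example",
               "spf=pass smtp.mailfrom=corp.example; dkim=pass header.d=corp.example")
UNALIGNED = sample("alice@corp.example",
                   "spf=pass smtp.mailfrom=bulk.example; dkim=none")
FORGED_HDR = sample("alice@corp.example", "spf=pass smtp.mailfrom=corp.example",
                    authserv="mx.untrusted.example")
```

Of the constructed samples, only `LEGIT` is accepted; the unaligned SPF pass and the `Authentication-Results` header written by an untrusted host are both flagged.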
