Security bug allows anyone to spoof Microsoft employee emails
A researcher has found a way to impersonate Microsoft corporate email accounts, which could make phishing attacks harder to spot.
You're viewing a single thread.
The bug, according to Kokorin, only works when sending the email to Outlook accounts.
Sounds like it's something client side or specific to Microsoft's o365/outlook.com servers. Could be the exploit bypasses header verdicts for SPF/dkim/dmarc