Interesting experience with a supposed attempt at my company email today. I received a classic "action required, click here to resolve" email, and naturally informed IT Support of it. Being curious (and home) I decided to look it up a little further.

The domain registered to the phishing site is owned by Microsoft and uses Azure services to perform its business, to which I thought holy crap! But turns out it was just a planned exercise by InfoSec in teaching users about Phishing

@kzimmermann I always like to show everyone I know in IT the email headers and tell them that someone must have gotten access to our internal system is sending out phishing emails to employees. They are never amused.

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.