“Phishing, sadly, works for many of the bad actors who continue to use this vector to attack.” As Microsoft continues to integrate AI capabilities across its product suite, security professionals must remain vigilant about emerging threats. According to recent findings from Cofense, attackers are distributing carefully crafted phishing emails that appear to originate from “Co-pilot,” mimicking legitimate Microsoft communications. Security analysts have noted that these phishing pages typically lack “forgotten password” functionality—a common flaw in credential harvesting sites since attackers cannot facilitate genuine password resets. “Over 280 billion emails are sent daily and at the same time, some reports say that 90 percent of data breaches start with a malicious email,” notes Susan Warner, vice president of marketing at Cofense. However, the URLs do not belong to Microsoft domains but to unrelated websites such as “ubpages.com.” The deception continues with a login prompt that mimics Microsoft’s authentication process. Real-world reports already show attackers sending phishing emails claiming to charge users $360 for Microsoft Copilot services. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. By understanding these attack methods and implementing appropriate protections, organizations can mitigate risks while still benefiting from the productivity advantages that tools like Microsoft Copilot provide.
This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 13 Mar 2025 16:10:13 +0000