This phishing campaign spoofs internal messages – here’s what we know

  • Lax enforcement of SPF, DKIM, and DMARC in complex mail routing lets attackers spoof a company’s own domain and have the message accepted as internal
  • Phishing emails mimic internal messages using kits like Tycoon2FA with HR or voicemail themes
  • Stolen credentials fuel secondary Business Email Compromise (BEC) attacks across broad, non-targeted campaigns

Cybercriminals are abusing misconfigurations in email servers to send highly convincing phishing emails and trick victims into sharing login credentials and other secrets. That is according to Microsoft, which said in a recent report that the technique isn’t new but grew more popular in the second half of 2025.

In the report, Microsoft explained that crooks are taking advantage of how some companies route email and how they set up their security checks. Normally, email systems use checks like SPF, DKIM, and DMARC to confirm that a message really comes from the organization it claims to be from: SPF checks whether the sending server is authorized for the domain, DKIM verifies a signature the sending domain applied to the message, and DMARC ties both to the visible From address and tells the receiver what to do when they fail.

In complex setups (such as when email passes through third-party services or on-prem servers) these checks are sometimes weak or not strictly enforced. A relay that re-sends mail can break SPF, and a DMARC policy of “none” only reports a failure rather than blocking the message.

Fake voicemails and password resets

Attackers exploit this by sending email from outside the company while putting the company’s own domain in the sender address. Because the receiving system doesn’t reject messages that fail those checks, the email is accepted and treated as “internal.”

Criminals also copy internal patterns, such as putting an employee’s real address in both the sender and recipient fields, or using familiar display names such as IT or HR.

The resulting message looks like a legitimate internal email, making it more likely for the victims to take the bait.
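The combination described above (an external message that claims the organization’s own domain, fails sender authentication, puts the same address in From and To, and uses a generic department name) is something a mail gateway or SIEM can flag. The following is an added example, not code from Microsoft’s report or from TechRadar. It assumes an inbound gateway that stamps an Authentication-Results header (RFC 8601) before delivery, an internal domain of example.com, and two constructed sample messages; the helper names and thresholds are the author’s own.

```python
"""Flag inbound mail that claims an internal sender but fails sender authentication.

Added example (not from the Microsoft report). Assumptions: the receiving gateway
adds an Authentication-Results header, and the internal domain is example.com.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption
# Generic department display names the article says attackers borrow (lower-cased).
SUSPICIOUS_DISPLAY_NAMES = {"it", "it support", "helpdesk", "hr", "human resources", "voicemail"}

# Constructed sample messages (not real captures).
SPOOFED = b"""From: IT Support <alice@example.com>
To: alice@example.com
Subject: New voicemail message (0:42)
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=bulk-sender.invalid; dkim=none; dmarc=fail header.from=example.com

You have a new voicemail. Sign in to listen.
"""

LEGIT = b"""From: Alice Smith <alice@example.com>
To: bob@example.com
Subject: Q3 planning notes
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Attached are the notes from today's meeting.
"""


def parse_auth_results(header: str) -> dict:
    """Extract spf/dkim/dmarc results from an Authentication-Results header value."""
    results = {}
    for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", header or "", re.I):
        results[m.group(1).lower()] = m.group(2).lower()
    return results


def parse_dmarc_policy(record: str) -> str:
    """Return the p= tag of a DMARC TXT record; 'none' when absent.

    p=none only asks receivers to report failures; only quarantine or reject
    tells them to act on a spoofed message.
    """
    m = re.search(r"(?:^|;)\s*p=(none|quarantine|reject)\b", record, re.I)
    return m.group(1).lower() if m else "none"


def assess(raw: bytes) -> dict:
    """Score one raw message for the internal-spoof pattern; two or more findings is suspicious."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, to_addr = parseaddr(str(msg.get("To", "")))
    from_domain = from_addr.rsplit("@", 1)[-1].lower()
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))

    findings = []
    claims_internal = from_domain == INTERNAL_DOMAIN
    if claims_internal and auth.get("dmarc") != "pass":
        findings.append(f"claims internal domain but dmarc={auth.get('dmarc', 'missing')}")
    if claims_internal and auth.get("spf") != "pass" and auth.get("dkim") != "pass":
        findings.append("neither SPF nor DKIM passed for an internal From address")
    if from_addr and from_addr.lower() == to_addr.lower():
        findings.append("sender equals recipient")
    if from_name.strip().lower() in SUSPICIOUS_DISPLAY_NAMES:
        findings.append(f"generic internal display name {from_name!r}")

    return {"from": from_addr, "auth": auth, "findings": findings,
            "suspicious": len(findings) >= 2}


if __name__ == "__main__":
    for sample in (SPOOFED, LEGIT):
        print(assess(sample))
```

The threshold of two findings keeps ordinary self-addressed reminders (sender equals recipient, everything else passing) out of the alert queue; the DMARC-policy helper is there because a tenant that publishes `p=none` will see exactly the accept-and-mark-internal behaviour the article describes even when its gateway evaluates the checks correctly.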

Microsoft says the attackers are using known phishing kits, such as Tycoon2FA, to create convincing lures, usually themed around voicemails, shared documents, communications from HR departments, password resets or expirations, and similar.

Finally, this doesn’t seem to be a targeted campaign. Instead, the attackers are casting as wide a net as they can, trying to harvest as many login credentials and other secrets as possible. In some cases they obtained passwords to email accounts and then used them in secondary Business Email Compromise (BEC) attacks.

Via The Hacker News
