{"id":13800,"date":"2026-06-23T10:03:39","date_gmt":"2026-06-23T10:03:39","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/23\/new-phishing-attack-abuses-outlook-and-microsoft-365-groups-features-to-attack-users\/"},"modified":"2026-06-23T10:03:39","modified_gmt":"2026-06-23T10:03:39","slug":"new-phishing-attack-abuses-outlook-and-microsoft-365-groups-features-to-attack-users","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/23\/new-phishing-attack-abuses-outlook-and-microsoft-365-groups-features-to-attack-users\/","title":{"rendered":"New Phishing Attack Abuses Outlook and Microsoft 365 Groups Features to Attack Users"},"content":{"rendered":"<p>    New Phishing Attack Abuses Outlook and Microsoft 365 Groups Features to Attack Users<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">Phishing attacks have grown more sophisticated, and attackers are no longer relying on clunky fake emails or obvious scam messages. <\/p>\n<p class=\"wp-block-paragraph\">A newly identified campaign shows how threat actors are turning everyday Microsoft 365 tools into weapons, hiding their attacks inside the very workflows employees trust most. <\/p>\n<p class=\"wp-block-paragraph\">This is not a flaw in Microsoft\u2019s software but a deliberate abuse of its legitimate features, and that is precisely what makes it dangerous.<\/p>\n<p class=\"wp-block-paragraph\">The attack targets Microsoft 365 Groups, a collaboration feature that organizations use daily to coordinate teams, share files, and manage internal updates. <\/p>\n<p class=\"wp-block-paragraph\">By taking control of a group and adding victims to it, attackers can slip into a user\u2019s inbox, calendar, and file storage all at once. <\/p>\n<p class=\"wp-block-paragraph\">The welcome email looks clean, the group name looks familiar, and nothing immediately raises suspicion.<\/p>\n<p class=\"wp-block-paragraph\">Analysts from Fortra\u2019s Intelligence and Research Experts (FIRE) team identified and documented this technique, noting that it represents a shift from traditional phishing toward trusted-workflow abuse.\u00a0<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.fortra.com\/blog\/phishing-through-collaboration\" id=\"https:\/\/www.fortra.com\/blog\/phishing-through-collaboration\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Fortra\u00a0said in a report<\/a> shared with Cyber Security News (CSN) that the attack is designed to make malicious activity appear as routine collaboration. <\/p>\n<p class=\"wp-block-paragraph\">Group names such as \u201cIT Support,\u201d \u201cHR Updates,\u201d \u201cFinance Review,\u201d or \u201cAll Company\u201d are crafted to blend in with internal communications.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/102edb1a-c5bc-4ad9-a15b-345577fb1ee8\/New-Phising-Attack-Abuses-Outlook-and-Microsoft-365-Groups-Features-to-Attack-Users.pdf?AWSAccessKeyId=ASIA2F3EMEYEUK34LUP3&amp;Signature=uGsPyz2Pb3lKw2rQtAs%2FZ9lBBbE%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEFEaCXVzLWVhc3QtMSJHMEUCIQDq3PET5RVLD5cAeBWLynCvySgN13CH3YIhsbHqPvRPBgIgMIkh60h63A7K94J4wxFCMfd5a8I0sm0al%2FHlH8%2FKBKYq8wQIGRABGgw2OTk3NTMzMDk3MDUiDAK2wnGffaaIjC2NdSrQBMzwaLDZov8Z6qQsXv2INkqhV1QTcClitRPOgUhVfn5LCsXCQOezvdi4d7BzNXr6GV2w2SxTGokzy5HNP1R7ob3%2BH4ze4aiuRu0Zq1wYeZVvbooAbvfdk7bI5wzNfMXcQVDfzFq05W5WpnlYB%2BRGwqqd2rsb16sPTpQ0ZN5gkKX9IlNka9moAWXv%2BiM22RT5gZgatK%2B6dkqAkikmF1d1ZPS7HnIfBZUgyAU4wX2TRCRuVD5TeDGS7xYPRkhXLX9uklgA4R7RhucZ9iTpFjSmvWkQdNeZFTwYbrY4tCaLS2DC3tw3VYMWY0Ax3tppQ1NBhQ%2BZVWN0URu4d8K11JekfrocBvxBIv0Akroo5MQ8J5%2BoDjmOHcIpgn4y8%2FoKl3XhmVeQuZCOlEgfZqng1juWhbw7h4WtrFp1RaFqhntqo3Mv3k0YB9uYitvP9vSBuMz5EaVo1hK0%2B0IMdocv3NAm8j9BKL%2BwkejTHRtNN%2FpQ2Y3p1DqCeRPdvCIvHvDRoVIqUsgR%2BU0kCzv2KMajuBgyO5aUQJugOmUZPPbFGfm6Pfkhvlmf4%2FLhmnKCC43lJ478W9Q5QI5InH%2FiicR3cgG2%2FU0ynrIwK5RZGUhjreZm%2FdY64xkEicIpaa%2B0ZrEfgQKXUf4h9X3KzkQ8qZ1XDuMG4lObRcLAn%2F75sGgovak2xF8k3Knz0cWDf5MBSyuMHtfAfe%2FgQj1KPsb3oHHwhKzpvHksP%2FVWT4j6bG4W6eAbG14zJpac65TZAyNbW5kIXUh3s9XSbDMUtOpPkqKgrb7aZbgwuPzo0QY6mAGd3i3QicYsg7ZwDdd%2BBN%2BiuitPatacduSv5EkSoAS%2FPn%2FWFc4wVYvZuHf2g1twnqzTol%2FJ609X%2F6bUJix25bRLyopxObA3WXd3bEAAhF2uNHkJItQwg0uMktO%2F%2FcCYiuZ0rGDt%2FH8kNCdW17NUDNbnI5dH3lCEifm9rjMcHS7%2FVSvpv2fg9xcLGQnaY2Ci%2BgLg0xJe7NLVdQ%3D%3D&amp;Expires=1782205451\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Once a user is inside the attacker-controlled group, follow-up content arrives through the group mailbox, shared documents, or calendar invites. <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjDNRoGoCSXYg_GyHMgmgYYOtzk9qxcKv3pcmQf9FPJLJp2TuqT7Q-gtv1GRAcZqer7aVKZcnLxXnORLpyLuqFGzT4b5Ee9goNVBKxSx31baAEMHWeQ9zZPyw6lLVuzN18zc2H1J708iYQC2qdOv-l2iU5R2-gYddflfy1EjqkvCxpkPLhDpyHTOtckZlA\/s16000\/Phishing%2520attack%2520path%2520%28Source%2520-%2520Fortra%29.webp?ssl=1\" alt=\"Phishing attack path (Source - Fortra)\"><figcaption class=\"wp-element-caption\">Phishing attack path (Source \u2013 Fortra)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">Each step mirrors a genuine Microsoft 365 workflow, which is exactly what keeps users from raising an alarm. The risk becomes real when a user takes action, whether that means clicking a link, opening a file, or responding to a request.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/102edb1a-c5bc-4ad9-a15b-345577fb1ee8\/New-Phising-Attack-Abuses-Outlook-and-Microsoft-365-Groups-Features-to-Attack-Users.pdf?AWSAccessKeyId=ASIA2F3EMEYEUK34LUP3&amp;Signature=uGsPyz2Pb3lKw2rQtAs%2FZ9lBBbE%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEFEaCXVzLWVhc3QtMSJHMEUCIQDq3PET5RVLD5cAeBWLynCvySgN13CH3YIhsbHqPvRPBgIgMIkh60h63A7K94J4wxFCMfd5a8I0sm0al%2FHlH8%2FKBKYq8wQIGRABGgw2OTk3NTMzMDk3MDUiDAK2wnGffaaIjC2NdSrQBMzwaLDZov8Z6qQsXv2INkqhV1QTcClitRPOgUhVfn5LCsXCQOezvdi4d7BzNXr6GV2w2SxTGokzy5HNP1R7ob3%2BH4ze4aiuRu0Zq1wYeZVvbooAbvfdk7bI5wzNfMXcQVDfzFq05W5WpnlYB%2BRGwqqd2rsb16sPTpQ0ZN5gkKX9IlNka9moAWXv%2BiM22RT5gZgatK%2B6dkqAkikmF1d1ZPS7HnIfBZUgyAU4wX2TRCRuVD5TeDGS7xYPRkhXLX9uklgA4R7RhucZ9iTpFjSmvWkQdNeZFTwYbrY4tCaLS2DC3tw3VYMWY0Ax3tppQ1NBhQ%2BZVWN0URu4d8K11JekfrocBvxBIv0Akroo5MQ8J5%2BoDjmOHcIpgn4y8%2FoKl3XhmVeQuZCOlEgfZqng1juWhbw7h4WtrFp1RaFqhntqo3Mv3k0YB9uYitvP9vSBuMz5EaVo1hK0%2B0IMdocv3NAm8j9BKL%2BwkejTHRtNN%2FpQ2Y3p1DqCeRPdvCIvHvDRoVIqUsgR%2BU0kCzv2KMajuBgyO5aUQJugOmUZPPbFGfm6Pfkhvlmf4%2FLhmnKCC43lJ478W9Q5QI5InH%2FiicR3cgG2%2FU0ynrIwK5RZGUhjreZm%2FdY64xkEicIpaa%2B0ZrEfgQKXUf4h9X3KzkQ8qZ1XDuMG4lObRcLAn%2F75sGgovak2xF8k3Knz0cWDf5MBSyuMHtfAfe%2FgQj1KPsb3oHHwhKzpvHksP%2FVWT4j6bG4W6eAbG14zJpac65TZAyNbW5kIXUh3s9XSbDMUtOpPkqKgrb7aZbgwuPzo0QY6mAGd3i3QicYsg7ZwDdd%2BBN%2BiuitPatacduSv5EkSoAS%2FPn%2FWFc4wVYvZuHf2g1twnqzTol%2FJ609X%2F6bUJix25bRLyopxObA3WXd3bEAAhF2uNHkJItQwg0uMktO%2F%2FcCYiuZ0rGDt%2FH8kNCdW17NUDNbnI5dH3lCEifm9rjMcHS7%2FVSvpv2fg9xcLGQnaY2Ci%2BgLg0xJe7NLVdQ%3D%3D&amp;Expires=1782205451\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The potential fallout is significant, <a href=\"https:\/\/cybersecuritynews.com\/credential-theft-risks\/\" id=\"106554\" target=\"_blank\" rel=\"noreferrer noopener\">as the victims can face credential theft<\/a>, token capture, malware delivery, data exposure, or further social engineering. <\/p>\n<p class=\"wp-block-paragraph\">Since the attack runs through Microsoft\u2019s own infrastructure, early-stage detection tools may not flag it, giving attackers more time to move through an environment undetected.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/102edb1a-c5bc-4ad9-a15b-345577fb1ee8\/New-Phising-Attack-Abuses-Outlook-and-Microsoft-365-Groups-Features-to-Attack-Users.pdf?AWSAccessKeyId=ASIA2F3EMEYEUK34LUP3&amp;Signature=uGsPyz2Pb3lKw2rQtAs%2FZ9lBBbE%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEFEaCXVzLWVhc3QtMSJHMEUCIQDq3PET5RVLD5cAeBWLynCvySgN13CH3YIhsbHqPvRPBgIgMIkh60h63A7K94J4wxFCMfd5a8I0sm0al%2FHlH8%2FKBKYq8wQIGRABGgw2OTk3NTMzMDk3MDUiDAK2wnGffaaIjC2NdSrQBMzwaLDZov8Z6qQsXv2INkqhV1QTcClitRPOgUhVfn5LCsXCQOezvdi4d7BzNXr6GV2w2SxTGokzy5HNP1R7ob3%2BH4ze4aiuRu0Zq1wYeZVvbooAbvfdk7bI5wzNfMXcQVDfzFq05W5WpnlYB%2BRGwqqd2rsb16sPTpQ0ZN5gkKX9IlNka9moAWXv%2BiM22RT5gZgatK%2B6dkqAkikmF1d1ZPS7HnIfBZUgyAU4wX2TRCRuVD5TeDGS7xYPRkhXLX9uklgA4R7RhucZ9iTpFjSmvWkQdNeZFTwYbrY4tCaLS2DC3tw3VYMWY0Ax3tppQ1NBhQ%2BZVWN0URu4d8K11JekfrocBvxBIv0Akroo5MQ8J5%2BoDjmOHcIpgn4y8%2FoKl3XhmVeQuZCOlEgfZqng1juWhbw7h4WtrFp1RaFqhntqo3Mv3k0YB9uYitvP9vSBuMz5EaVo1hK0%2B0IMdocv3NAm8j9BKL%2BwkejTHRtNN%2FpQ2Y3p1DqCeRPdvCIvHvDRoVIqUsgR%2BU0kCzv2KMajuBgyO5aUQJugOmUZPPbFGfm6Pfkhvlmf4%2FLhmnKCC43lJ478W9Q5QI5InH%2FiicR3cgG2%2FU0ynrIwK5RZGUhjreZm%2FdY64xkEicIpaa%2B0ZrEfgQKXUf4h9X3KzkQ8qZ1XDuMG4lObRcLAn%2F75sGgovak2xF8k3Knz0cWDf5MBSyuMHtfAfe%2FgQj1KPsb3oHHwhKzpvHksP%2FVWT4j6bG4W6eAbG14zJpac65TZAyNbW5kIXUh3s9XSbDMUtOpPkqKgrb7aZbgwuPzo0QY6mAGd3i3QicYsg7ZwDdd%2BBN%2BiuitPatacduSv5EkSoAS%2FPn%2FWFc4wVYvZuHf2g1twnqzTol%2FJ609X%2F6bUJix25bRLyopxObA3WXd3bEAAhF2uNHkJItQwg0uMktO%2F%2FcCYiuZ0rGDt%2FH8kNCdW17NUDNbnI5dH3lCEifm9rjMcHS7%2FVSvpv2fg9xcLGQnaY2Ci%2BgLg0xJe7NLVdQ%3D%3D&amp;Expires=1782205451\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<h2 id=\"h-new-phising-attack-abuses-outlook-and-microsoft-365-groups\" class=\"wp-block-heading\"><strong>New Phising Attack Abuses Outlook and Microsoft 365 Groups<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The mechanics of this campaign are straightforward but clever. An attacker creates or controls a Microsoft 365 group and adds the target either by direct addition or through an invite. <\/p>\n<p class=\"wp-block-paragraph\">The group name and welcome message establish a context designed to feel urgent or routine, such as a payroll update, a mandatory training notice, or a supplier action item.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhWDscKfPmCUEKBwLAZboGyL_qOyOSR-Cmv44uTmQlp8vBx8RsOcnaU2-HuQ5yQH64cQFmI2HbTsNYJsnc0u10kKFOyIxuhRHI3qAn3rpzNl9FZsB5UXqVyXd5nlsjeLbx8nTONkymEuPh4FFDyp7z8LNV6PCaJqUXERvoayTGu-7dg6olYbqizp2K9tk0\/s16000\/Cross-surface%2520visibility%2520map%2520%28Source%2520-%2520Fortra%29.webp?ssl=1\" alt=\"Cross-surface visibility map (Source - Fortra)\"><figcaption class=\"wp-element-caption\">Cross-surface visibility map (Source \u2013 Fortra)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/cybersecuritynews.com\/hackers-deploy-vip-keylogger-through-phishing-emails\/\" id=\"151230\" target=\"_blank\" rel=\"noreferrer noopener\">After the initial group invite, follow-up phishing content<\/a> lands through the group mailbox or shared files. <\/p>\n<p class=\"wp-block-paragraph\">A document shared inside the group can carry a fake support process, a QR code pointing to a credential-harvesting page, or a macro-laced file. Because that content arrives through a Microsoft collaboration surface, users tend to trust it more than they would a direct email attachment.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/102edb1a-c5bc-4ad9-a15b-345577fb1ee8\/New-Phising-Attack-Abuses-Outlook-and-Microsoft-365-Groups-Features-to-Attack-Users.pdf?AWSAccessKeyId=ASIA2F3EMEYEUK34LUP3&amp;Signature=uGsPyz2Pb3lKw2rQtAs%2FZ9lBBbE%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEFEaCXVzLWVhc3QtMSJHMEUCIQDq3PET5RVLD5cAeBWLynCvySgN13CH3YIhsbHqPvRPBgIgMIkh60h63A7K94J4wxFCMfd5a8I0sm0al%2FHlH8%2FKBKYq8wQIGRABGgw2OTk3NTMzMDk3MDUiDAK2wnGffaaIjC2NdSrQBMzwaLDZov8Z6qQsXv2INkqhV1QTcClitRPOgUhVfn5LCsXCQOezvdi4d7BzNXr6GV2w2SxTGokzy5HNP1R7ob3%2BH4ze4aiuRu0Zq1wYeZVvbooAbvfdk7bI5wzNfMXcQVDfzFq05W5WpnlYB%2BRGwqqd2rsb16sPTpQ0ZN5gkKX9IlNka9moAWXv%2BiM22RT5gZgatK%2B6dkqAkikmF1d1ZPS7HnIfBZUgyAU4wX2TRCRuVD5TeDGS7xYPRkhXLX9uklgA4R7RhucZ9iTpFjSmvWkQdNeZFTwYbrY4tCaLS2DC3tw3VYMWY0Ax3tppQ1NBhQ%2BZVWN0URu4d8K11JekfrocBvxBIv0Akroo5MQ8J5%2BoDjmOHcIpgn4y8%2FoKl3XhmVeQuZCOlEgfZqng1juWhbw7h4WtrFp1RaFqhntqo3Mv3k0YB9uYitvP9vSBuMz5EaVo1hK0%2B0IMdocv3NAm8j9BKL%2BwkejTHRtNN%2FpQ2Y3p1DqCeRPdvCIvHvDRoVIqUsgR%2BU0kCzv2KMajuBgyO5aUQJugOmUZPPbFGfm6Pfkhvlmf4%2FLhmnKCC43lJ478W9Q5QI5InH%2FiicR3cgG2%2FU0ynrIwK5RZGUhjreZm%2FdY64xkEicIpaa%2B0ZrEfgQKXUf4h9X3KzkQ8qZ1XDuMG4lObRcLAn%2F75sGgovak2xF8k3Knz0cWDf5MBSyuMHtfAfe%2FgQj1KPsb3oHHwhKzpvHksP%2FVWT4j6bG4W6eAbG14zJpac65TZAyNbW5kIXUh3s9XSbDMUtOpPkqKgrb7aZbgwuPzo0QY6mAGd3i3QicYsg7ZwDdd%2BBN%2BiuitPatacduSv5EkSoAS%2FPn%2FWFc4wVYvZuHf2g1twnqzTol%2FJ609X%2F6bUJix25bRLyopxObA3WXd3bEAAhF2uNHkJItQwg0uMktO%2F%2FcCYiuZ0rGDt%2FH8kNCdW17NUDNbnI5dH3lCEifm9rjMcHS7%2FVSvpv2fg9xcLGQnaY2Ci%2BgLg0xJe7NLVdQ%3D%3D&amp;Expires=1782205451\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<h2 id=\"h-calphishing-when-the-calendar-becomes-the-hook\" class=\"wp-block-heading\"><strong>CalPhishing: When the Calendar Becomes the Hook<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">What makes this campaign especially effective is its use of Calendar Phishing, known as CalPhishing. <\/p>\n<p class=\"wp-block-paragraph\">Once the attacker gains entry through a group invite, a malicious calendar event in .ics format is sent to the victim\u2019s Outlook calendar. That event keeps sending reminders, keeping the phish alive long after the original email may have been deleted or missed.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/102edb1a-c5bc-4ad9-a15b-345577fb1ee8\/New-Phising-Attack-Abuses-Outlook-and-Microsoft-365-Groups-Features-to-Attack-Users.pdf?AWSAccessKeyId=ASIA2F3EMEYEUK34LUP3&amp;Signature=uGsPyz2Pb3lKw2rQtAs%2FZ9lBBbE%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEFEaCXVzLWVhc3QtMSJHMEUCIQDq3PET5RVLD5cAeBWLynCvySgN13CH3YIhsbHqPvRPBgIgMIkh60h63A7K94J4wxFCMfd5a8I0sm0al%2FHlH8%2FKBKYq8wQIGRABGgw2OTk3NTMzMDk3MDUiDAK2wnGffaaIjC2NdSrQBMzwaLDZov8Z6qQsXv2INkqhV1QTcClitRPOgUhVfn5LCsXCQOezvdi4d7BzNXr6GV2w2SxTGokzy5HNP1R7ob3%2BH4ze4aiuRu0Zq1wYeZVvbooAbvfdk7bI5wzNfMXcQVDfzFq05W5WpnlYB%2BRGwqqd2rsb16sPTpQ0ZN5gkKX9IlNka9moAWXv%2BiM22RT5gZgatK%2B6dkqAkikmF1d1ZPS7HnIfBZUgyAU4wX2TRCRuVD5TeDGS7xYPRkhXLX9uklgA4R7RhucZ9iTpFjSmvWkQdNeZFTwYbrY4tCaLS2DC3tw3VYMWY0Ax3tppQ1NBhQ%2BZVWN0URu4d8K11JekfrocBvxBIv0Akroo5MQ8J5%2BoDjmOHcIpgn4y8%2FoKl3XhmVeQuZCOlEgfZqng1juWhbw7h4WtrFp1RaFqhntqo3Mv3k0YB9uYitvP9vSBuMz5EaVo1hK0%2B0IMdocv3NAm8j9BKL%2BwkejTHRtNN%2FpQ2Y3p1DqCeRPdvCIvHvDRoVIqUsgR%2BU0kCzv2KMajuBgyO5aUQJugOmUZPPbFGfm6Pfkhvlmf4%2FLhmnKCC43lJ478W9Q5QI5InH%2FiicR3cgG2%2FU0ynrIwK5RZGUhjreZm%2FdY64xkEicIpaa%2B0ZrEfgQKXUf4h9X3KzkQ8qZ1XDuMG4lObRcLAn%2F75sGgovak2xF8k3Knz0cWDf5MBSyuMHtfAfe%2FgQj1KPsb3oHHwhKzpvHksP%2FVWT4j6bG4W6eAbG14zJpac65TZAyNbW5kIXUh3s9XSbDMUtOpPkqKgrb7aZbgwuPzo0QY6mAGd3i3QicYsg7ZwDdd%2BBN%2BiuitPatacduSv5EkSoAS%2FPn%2FWFc4wVYvZuHf2g1twnqzTol%2FJ609X%2F6bUJix25bRLyopxObA3WXd3bEAAhF2uNHkJItQwg0uMktO%2F%2FcCYiuZ0rGDt%2FH8kNCdW17NUDNbnI5dH3lCEifm9rjMcHS7%2FVSvpv2fg9xcLGQnaY2Ci%2BgLg0xJe7NLVdQ%3D%3D&amp;Expires=1782205451\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The calendar invite can be dressed up as a project meeting, an HR deadline, an admin alert, or an invoice review. Each reminder nudges the user toward taking action over time. <\/p>\n<p class=\"wp-block-paragraph\">This repeated exposure is what separates CalPhishing from a standard one-time email attack. The phishing hook no longer feels like a scam but like an unresolved work task waiting to be handled.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/102edb1a-c5bc-4ad9-a15b-345577fb1ee8\/New-Phising-Attack-Abuses-Outlook-and-Microsoft-365-Groups-Features-to-Attack-Users.pdf?AWSAccessKeyId=ASIA2F3EMEYEUK34LUP3&amp;Signature=uGsPyz2Pb3lKw2rQtAs%2FZ9lBBbE%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEFEaCXVzLWVhc3QtMSJHMEUCIQDq3PET5RVLD5cAeBWLynCvySgN13CH3YIhsbHqPvRPBgIgMIkh60h63A7K94J4wxFCMfd5a8I0sm0al%2FHlH8%2FKBKYq8wQIGRABGgw2OTk3NTMzMDk3MDUiDAK2wnGffaaIjC2NdSrQBMzwaLDZov8Z6qQsXv2INkqhV1QTcClitRPOgUhVfn5LCsXCQOezvdi4d7BzNXr6GV2w2SxTGokzy5HNP1R7ob3%2BH4ze4aiuRu0Zq1wYeZVvbooAbvfdk7bI5wzNfMXcQVDfzFq05W5WpnlYB%2BRGwqqd2rsb16sPTpQ0ZN5gkKX9IlNka9moAWXv%2BiM22RT5gZgatK%2B6dkqAkikmF1d1ZPS7HnIfBZUgyAU4wX2TRCRuVD5TeDGS7xYPRkhXLX9uklgA4R7RhucZ9iTpFjSmvWkQdNeZFTwYbrY4tCaLS2DC3tw3VYMWY0Ax3tppQ1NBhQ%2BZVWN0URu4d8K11JekfrocBvxBIv0Akroo5MQ8J5%2BoDjmOHcIpgn4y8%2FoKl3XhmVeQuZCOlEgfZqng1juWhbw7h4WtrFp1RaFqhntqo3Mv3k0YB9uYitvP9vSBuMz5EaVo1hK0%2B0IMdocv3NAm8j9BKL%2BwkejTHRtNN%2FpQ2Y3p1DqCeRPdvCIvHvDRoVIqUsgR%2BU0kCzv2KMajuBgyO5aUQJugOmUZPPbFGfm6Pfkhvlmf4%2FLhmnKCC43lJ478W9Q5QI5InH%2FiicR3cgG2%2FU0ynrIwK5RZGUhjreZm%2FdY64xkEicIpaa%2B0ZrEfgQKXUf4h9X3KzkQ8qZ1XDuMG4lObRcLAn%2F75sGgovak2xF8k3Knz0cWDf5MBSyuMHtfAfe%2FgQj1KPsb3oHHwhKzpvHksP%2FVWT4j6bG4W6eAbG14zJpac65TZAyNbW5kIXUh3s9XSbDMUtOpPkqKgrb7aZbgwuPzo0QY6mAGd3i3QicYsg7ZwDdd%2BBN%2BiuitPatacduSv5EkSoAS%2FPn%2FWFc4wVYvZuHf2g1twnqzTol%2FJ609X%2F6bUJix25bRLyopxObA3WXd3bEAAhF2uNHkJItQwg0uMktO%2F%2FcCYiuZ0rGDt%2FH8kNCdW17NUDNbnI5dH3lCEifm9rjMcHS7%2FVSvpv2fg9xcLGQnaY2Ci%2BgLg0xJe7NLVdQ%3D%3D&amp;Expires=1782205451\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/cybersecuritynews.com\/aligning-it-and-security-teams\/\" id=\"108197\" target=\"_blank\" rel=\"noreferrer noopener\">Security teams are advised to look beyond the inbox<\/a> when investigating these attacks. Defenders should trace the full chain, covering who created the group, who was added, what files were shared, and whether calendar entries still remain after mail remediation. <\/p>\n<p class=\"wp-block-paragraph\">Organizations can block the sender domain \u201cgroups.outlook.com\u201d at the gateway level to stop external group notifications. <\/p>\n<p class=\"wp-block-paragraph\">Employees also need training to treat unexpected group additions and meeting invites with the same caution they would apply to any unsolicited email, especially when the message carries an urgent or administrative theme.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/102edb1a-c5bc-4ad9-a15b-345577fb1ee8\/New-Phising-Attack-Abuses-Outlook-and-Microsoft-365-Groups-Features-to-Attack-Users.pdf?AWSAccessKeyId=ASIA2F3EMEYEUK34LUP3&amp;Signature=uGsPyz2Pb3lKw2rQtAs%2FZ9lBBbE%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEFEaCXVzLWVhc3QtMSJHMEUCIQDq3PET5RVLD5cAeBWLynCvySgN13CH3YIhsbHqPvRPBgIgMIkh60h63A7K94J4wxFCMfd5a8I0sm0al%2FHlH8%2FKBKYq8wQIGRABGgw2OTk3NTMzMDk3MDUiDAK2wnGffaaIjC2NdSrQBMzwaLDZov8Z6qQsXv2INkqhV1QTcClitRPOgUhVfn5LCsXCQOezvdi4d7BzNXr6GV2w2SxTGokzy5HNP1R7ob3%2BH4ze4aiuRu0Zq1wYeZVvbooAbvfdk7bI5wzNfMXcQVDfzFq05W5WpnlYB%2BRGwqqd2rsb16sPTpQ0ZN5gkKX9IlNka9moAWXv%2BiM22RT5gZgatK%2B6dkqAkikmF1d1ZPS7HnIfBZUgyAU4wX2TRCRuVD5TeDGS7xYPRkhXLX9uklgA4R7RhucZ9iTpFjSmvWkQdNeZFTwYbrY4tCaLS2DC3tw3VYMWY0Ax3tppQ1NBhQ%2BZVWN0URu4d8K11JekfrocBvxBIv0Akroo5MQ8J5%2BoDjmOHcIpgn4y8%2FoKl3XhmVeQuZCOlEgfZqng1juWhbw7h4WtrFp1RaFqhntqo3Mv3k0YB9uYitvP9vSBuMz5EaVo1hK0%2B0IMdocv3NAm8j9BKL%2BwkejTHRtNN%2FpQ2Y3p1DqCeRPdvCIvHvDRoVIqUsgR%2BU0kCzv2KMajuBgyO5aUQJugOmUZPPbFGfm6Pfkhvlmf4%2FLhmnKCC43lJ478W9Q5QI5InH%2FiicR3cgG2%2FU0ynrIwK5RZGUhjreZm%2FdY64xkEicIpaa%2B0ZrEfgQKXUf4h9X3KzkQ8qZ1XDuMG4lObRcLAn%2F75sGgovak2xF8k3Knz0cWDf5MBSyuMHtfAfe%2FgQj1KPsb3oHHwhKzpvHksP%2FVWT4j6bG4W6eAbG14zJpac65TZAyNbW5kIXUh3s9XSbDMUtOpPkqKgrb7aZbgwuPzo0QY6mAGd3i3QicYsg7ZwDdd%2BBN%2BiuitPatacduSv5EkSoAS%2FPn%2FWFc4wVYvZuHf2g1twnqzTol%2FJ609X%2F6bUJix25bRLyopxObA3WXd3bEAAhF2uNHkJItQwg0uMktO%2F%2FcCYiuZ0rGDt%2FH8kNCdW17NUDNbnI5dH3lCEifm9rjMcHS7%2FVSvpv2fg9xcLGQnaY2Ci%2BgLg0xJe7NLVdQ%3D%3D&amp;Expires=1782205451\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 90%,rgb(169,184,195) 100%)\"><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong>Follow us on\u00a0<a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener\">Google News<\/a>,\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn<\/a>,\u00a0and\u00a0<a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0<strong>Set CSN as a Preferred Source in<\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong> <strong><strong><a href=\"https:\/\/www.google.com\/preferences\/source?q=cybersecuritynews.com\" target=\"_blank\" rel=\"noreferrer noopener\">Google<\/a><\/strong><\/strong>.<\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/new-phishing-attack-abuses-outlook-and-microsoft-365-groups\/\">New Phishing Attack Abuses Outlook and Microsoft 365 Groups Features to Attack Users<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Tushar Subhra Dutta<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/new-phishing-attack-abuses-outlook-and-microsoft-365-groups\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Phishing Attack Abuses Outlook and Microsoft 365 Groups Features to Attack Users Phishing attacks have grown more sophisticated, and attackers are no longer relying on clunky fake emails or obvious scam messages. A newly identified campaign shows how threat actors are turning everyday Microsoft 365 tools into weapons, hiding their attacks inside the very [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-13800","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13800"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=13800"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13800\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=13800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=13800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=13800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}