Warning: New trend may bypass spam filters

Please be advised that we have observed attackers leveraging vulnerabilities in public web services this week to successfully bypass spam and phishing email protections. This has resulted in numerous dangerous phishing emails delivering straight into user inboxes, often without any warnings of their intent.

Most often these emails are arriving with a subject “New FaxMessage from ##########”

NorthSky Technology is making best efforts to respond to these new threats, but largely this problem is much bigger than all of us and we must wait for a larger response from Microsoft’s security team and the companies operating the vulnerable services involved in these attacks. We’ll continue to do our best to react to these as they come, but they are evolving rapidly in ways that we can’t predict.

In the meantime, please be on the lookout for suspicious looking messages in your inbox and be very suspicious of any links purporting to send you faxes or urgent messages, or that prompt you for your sign-in credentials. In particular:

  • Any links to Microsoft Sway documents, DropBox documents, or other hosted documents should be immediately considered malicious.
  • As a rule, any links to a webpage which then links to another site to retrieve a document or view additional information warrants suspicion.
  • Watch for emails with strange formatting, typos, missing spaces, or stretched out images that don’t look right.

The best defense against phishing is to implement procedures for out-of-band confirmation before interacting with the email. For example, if you receive an e-fax from someone, or a request for information, confirm with the sender in person, over the phone, by text message, or by chat application before interacting with the email. It is important not to reply to the email, as the attacker may have control of a compromised account and can reply affirmatively.