August PhishQueue Phishing News
“Impersonation is the new infiltration — stay alert with Phishqueue.”
Fake Microsoft Apps Used to Steal Login Codes
The Growing Threat
What’s Going On?
Bad guys are sending fake emails that pretend to come from Microsoft or commonly used applications like SharePoint, DocuSign, or Adobe. These emails prompt recipients to click and “approve” something that looks harmless. In reality, the attackers are trying to trick you into giving access to your account — including your multi-factor authentication (MFA) code (the one-time code you receive when logging in).
Once they obtain that code, they may be able to access your Microsoft account — and in some cases, even retain access after you change your password.
Sources: CSO Online – Cybercrooks Faked Microsoft Authentification Apps
🛡️ Your Best Defense: Do Not Guess. Submit It.
If something feels even a little weird — do not click.
Instead, click the PhishQueue button in your email toolbar.
📌 Remember: Our team will examine the email for you and let you know whether it is safe.
Do not try to figure it out on your own — that is what we are here for
_____________________________________
🤖Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts
🔍 Example: What actually happened: Scammers created over 50 fake Microsoft applications. The apps looked real and had names like “DocuSign Secure” or “RingCentral Meeting.” People clicked, approved the apps, and unknowingly granting access to their accounts.
The result: It worked — almost 3,000 users in 900 companies were successfully compromised.
🚨 The Bottom Line
Even if an app or email looks real, that doesn’t mean it is.
👉 When in doubt — PhishQueue it.
______________________________________________________
Quick Tips to Stay Safe:
- Always use the PhishQueue button if you are unsure.
- Never trust links just because they look like Microsoft or Google.
- Do not approve app requests unless you are expecting them.
- If something is urgent and surprising — that is a red flag.
______________________________________________________
🎭 Phishing Joke of the Month
💡Why don’t phishers throw parties?
👉Because no one wants to RSVP – they just click PhishQueue instead.😆
Cybersecurity is serious, but staying informed does not have to be dull!
Stay vigilant,
The PhishQueue Team