Contact Us
Mar 1

March PhishQueue Phishing News

“Looks real. Isn’t. Let PhishQueue decide.”

Microsoft Flags Multi-Stage Phishing and Business Email Compromise Attacks Targeting Organizations

The Growing Threat

What’s Going On?

Security researchers at Microsoft have uncovered a sophisticated phishing campaign that starts with a deceptive email appearing to come from a trusted contact or familiar service. This attack leads to stolen login credentials and allows the attacker to create rules inside a victim’s email account that hide further malicious activity.

Because the messages originate from accounts that have already been compromised, they are more likely to look real and bypass basic security checks.

How It Works:

  1. You receive an email that appears legitimate, often from a known contact or service
  2. The message includes a link to a document or shared file
  3. The link directs you to a fake login page
  4. Your credentials are captured if entered
  5. Attackers gain access, create hidden inbox rules, and send additional phishing emails from your account

Why It Is Dangerous:

  • Messages may come from real, compromised accounts, making them harder to detect.
  • Once attackers control your account, they can spread phishing attempts to your contacts.
  • Hidden inbox rules can prevent you from seeing warning signs.
  • Because attackers are already inside, resetting your password alone may not fully remove the threat.

Attackers can silently take over trusted email accounts, hide their activity, and spread phishing internally, turning one mistake into a widespread breach.

Sources: https://thehackernews.com/2026/01/microsoft-flags-multi-stage-aitm.html

🛡️ Your Best Defense: Your most effective move is not to guess.

If something feels even slightly wrong, submit the message to PhishQueue.

📌 Remember: PhishQueue will analyze the message for you and tell you if it is safe or malicious, with no risk to you.

_____________________________________

🤖 Fake Password Manager Support Emails

🔍 Example: Attackers sent “backup your vault” messages to steal master passwords and stored credentials.

🤖 Brand Impersonation Scams

🔍 Example: Cybercriminals continue to mimic trusted brands like Microsoft, Google, and Amazon.

🤖 Email Domain Spoofing

🔍 Example: Misconfigured systems are exploited to make phishing emails appear internal.

🚨 The Bottom Line

Phishing threats are becoming more dangerous.

👉 Stay safe with PhishQueue.

______________________________________________________

Quick Tips to Stay Safe:

  • Pause before you click. If an email asks you to sign in or update information, think first.
  • Check the sender. Look at the full email address, not just the name that appears.
  • Hover over links. Preview where links actually go before you click.
  • Report to PhishQueue. Use the “Report Phish” button and let PhishQueue give you a safety verdict.

______________________________________________________

🎭 Phishing Joke of the Month

💡Why was the phishing email feeling confident?

👉Because when it said ‘Trust me’, someone actually did.😆

Cybersecurity is serious, but staying informed does not have to be dull!

Stay vigilant,

The PhishQueue Team

Paul Henry's 14 Absolute Truths In Network Security

We must recognize the 14 Absolute Truths In Network Security.

Reality check time – It is not too late.

Here are fourteen things you need to know:

  1. There is no such thing as security, only varying degrees of insecurity…
  2. The network does not exist to be secured…
14 Absolute Truths In Network Security

Download Full Document in PDF Form:

BlogMore from BSI

100% Privacy Guaranteed
Mar 1

March PhishQueue Phishing News

“Looks real. Isn’t. Let PhishQueue decide.” Microsoft Flags Multi-Stage Phishing and Business Email Compromise Attacks Targeting Organizations The Growing Threat What’s Going On? Security researchers at Microsoft have uncovered a sophisticated phishing campaign that starts with a deceptive email appearing to come from a trusted contact or familiar service. This attack leads to stolen login […]

chasitynoel Mar 27 2026
Mar 26

March 2026 Lunch N Learn

This event will be both educational and informative. Attendees are eligible to earn ISC2 and ISACA CPE credits by providing their membership numbers. Certificates for ISC2 and ISACA CPEs will be issued following the event. Speaker:  Justin Formosa brings more than 18 years of experience in IT and cybersecurity, with deep expertise in protecting and […]

chasitynoel Mar 11 2026
Feb 1

February PhishQueue Phishing News

“DocuSign or DocuScam? PhishQueue to the rescue” New Phishing Campaign Uses Fake DocuSign Notifications to Deliver Malware and Steal Information The Growing Threat What’s Going On? Cybercriminals are using fake DocuSign notifications to trick people into clicking links that lead to harmful outcomes. These emails appear to be legitimate requests to review or sign a document. When […]

chasitynoel Feb 28 2026
Mar 11

BSI’s March 2026 Get Lit and Learn Networking Event – Corona Cigar Company

This event will be educational and informative. We offer ISC2 and ISACA CPE credits, if you provide us with your membership number, you are eligible to earn credits. We will provide ISC2 and ISACA certificates following the event. Event Sponsor: Title of Event: BSI Cyber Smoke Event Summary: Join us at Corona Cigar Company for […]

chasitynoel Feb 26 2026
Feb 26

February 2026 Lunch N Learn

This event will be both educational and informative. Attendees are eligible to earn ISC2 and ISACA CPE credits by providing their membership numbers. Certificates for ISC2 and ISACA CPEs will be issued following the event. Speaker:  G. Mark Hardy is the President of National Security Corporation and has been a trusted provider of information security […]

chasitynoel Feb 4 2026
Jan 1

January PhishQueue Phishing News

“Phishing hides in plain sight…PhishQueue brings it to light.” Microsoft Flags Multi-Stage Phishing and Business Email Compromise Attacks Targeting Organizations The Growing Threat What’s Going On? Security researchers at Microsoft have uncovered a sophisticated phishing campaign that starts with a deceptive email appearing to come from a trusted contact or familiar service. This attack leads […]

chasitynoel Jan 28 2026
×

BSI Partners

Airwatch
Algosec
Aruba
Armis
Avertium
Barracuda
BeyondTrust
Bitsight
Blancco
Checkmarx
Check Point
Cisco
CyberArk
Cylance
Digital Guardian
Druva
Duo
Exabeam
F5
Flashpoint
ForcePoint
Forescout
Fortinet
Gigamon
Horizon3
Juniper Networks
Keysight
KnowBe4
LogRhythm
Malwarebytes
Mimecast
NetBrain
Netwrix
Nexthink
Okta
Palo Alto Networks
Proofpoint
Pulsedive
PulseSecure
Qualys
Rapid7
RestorePoint
Riverbed
Salt
SecurityScorecard
SentinelOne
Siemplify
Solarwinds
Sophos
Splunk
Swimlane
Tenable
Teramind
Thales
ThreatStop
Thycotic
Trellix
Trend Micro
Trustwave
Tufin
Varonis
Vectra
VMware