{"id":336292,"date":"2021-09-07T19:15:03","date_gmt":"2021-09-07T16:15:03","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/outlook-contact-cards-can-easily-be-spoofed\/"},"modified":"2021-09-07T19:15:03","modified_gmt":"2021-09-07T16:15:03","slug":"outlook-contact-cards-can-easily-be-spoofed","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/outlook-contact-cards-can-easily-be-spoofed\/","title":{"rendered":"#Outlook Contact Cards Can Easily Be Spoofed"},"content":{"rendered":"<p><strong>&#8220;#Outlook Contact Cards Can Easily Be Spoofed&#8221;<\/strong><\/p>\n<div>\n<img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage alignnone size-full wp-image-736621\" srcset=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/06\/microsoft-outlook-logo-675.png?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/06\/microsoft-outlook-logo-675.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/06\/microsoft-outlook-logo-675.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"\" width=\"1200\" height=\"675\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><\/p>\n<p>Phishing attacks are one of the oldest ways for malicious individuals to steal information, and an old-school phishing method has found its way into Outlook. 
Using characters from different alphabets, people can make victims believe spoofed emails are from genuine contacts, as reported by <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/arstechnica.com\/information-technology\/2021\/09\/microsoft-outlook-shows-real-persons-contact-info-for-idn-phishing-emails\/\">Ars Technica<\/a>.<\/p>\n<p>Fortunately, Outlook has received an update that fixes the problem, according to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.dionach.com\/blog\/spoofing-microsoft-outlook-contact\/\">Mike Manzotti from Dionach<\/a>. Make sure to get the latest version, so you don\u2019t fall victim to these phishing attacks.<\/p>\n<p>Essentially, what\u2019s happening here is that phishers are using Microsoft Office to show a person\u2019s contact information even though the emails come from spoofed Internationalized Domain Names. The spoof relies on characters from other alphabets, such as Cyrillic, that look like letters in the Latin alphabet.<\/p>\n<p>Information security professional and pentester <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/dobby1kenobi\">Dobby1Kenobi<\/a>\u00a0did some testing and found that it was pretty easy to trick the system before the update was issued. 
It\u2019s interesting how similar the characters look, and if you aren\u2019t paying attention, it\u2019s easy to see how someone could fall for it.<\/p>\n<p>In a <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/dobby1kenobi.medium.com\/lost-in-translation-222bbf00f2c\">blog post<\/a>, Dobby1Kenobi said the following:<\/p>\n<blockquote><p>I recently discovered a vulnerability that affects the Address Book component of Microsoft Office for Windows that could allow anyone on the internet to spoof contact details of employees within an organization using an external look-alike Internationalized Domain Name (IDN).\u00a0This means if a company\u2019s domain is \u2018somecompany[.]com\u2019, an attacker that registers an IDN such as \u2018\u0455omecompany[.]com\u2019 (xn--omecompany-l2i[.]com) could take advantage of this bug and send convincing phishing emails to employees within \u2018somecompany.com\u2019 that used Microsoft Outlook for Windows.<\/p>\n<\/blockquote>\n<p>When Outlook works correctly, an email from a domain outside the organization doesn\u2019t show the address book entry of the person being spoofed, but with this bug, the email looked like it came from that person.<\/p>\n<p>Microsoft investigated the case, and initially, it sounded like the company wasn\u2019t going to fix the problem:<\/p>\n<blockquote><p>We\u2019ve finished going over your case, but in this instance it was decided that we will not be fixing this vulnerability in the current version and are closing this case. In this case, while spoofing could occur, the sender\u2019s identity cannot be trusted without a digital signature. The changes needed are likely to cause false positives and issues in other ways.<\/p>\n<\/blockquote>\n<p>However, as mentioned, Microsoft did update Outlook to fix the problem. 
As always, let this serve as a reminder to be aware of who emails are coming from and verify that it\u2019s actually from who you think it is before you click any links. Also, make sure to keep your important apps up-to-date, as you want to make sure you have those security updates.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/753688\/psa-outlook-contact-cards-can-easily-be-spoofed\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#Outlook Contact Cards Can Easily Be Spoofed&#8221; Phishing attacks are one of the oldest ways for malicious individuals to steal information, and an old-school phishing method has found its way into Outlook. Using characters from different alphabets, people can make victims believe spoofed emails are from genuine contacts, as reported by ArsTechnica. 
Fortunately, Outlook has&#8230;<\/p>\n","protected":false},"author":1,"featured_media":336293,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2021\/06\/microsoft-outlook-logo-675.png?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-336292","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/336292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=336292"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/336292\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/336293"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=336292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=336292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=336292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}