office365

Simple Rules to Protect Against Spoofed & windows.net Phishing Attacks

Recently I've seen an extended rise in usage of Microsoft Azure Blob Storage to host phishing websites targeting Office365 users. Websites hosted under Azure Blob Storage can be accessed using windows.net domains which will naturally add a convincing feature -  valid Microsoft SSL certificate. This “feature” has high probability…