banner1
Logo Blinking Image
banner2

HOME
Breaking News

Phishing actors spoofing domains by exploiting complex routing and misconfigurations

by VARINDIA 2026-01-10
Phishing actors spoofing domains by exploiting complex routing and misconfigurations

Phishing actors are abusing complex email routing setups and poorly configured spoofing protections to impersonate organizations’ domains and send phishing emails that appear to originate from within the organization. This technique has been used to distribute a wide range of phishing messages linked to phishing-as-a-service (PhaaS) platforms such as Tycoon2FA. Common lures include fake voicemails, shared documents, HR communications, password reset or expiration notices, and similar themes designed to steal credentials.

While this attack method is not new, its use has become more widespread and visible since May 2025. Microsoft has observed that these campaigns are largely opportunistic rather than targeted, with phishing emails sent to organizations across multiple industries and sectors. In some cases, the same vector has also been used to carry out financial fraud. Although these campaigns resemble other credential-phishing efforts in many ways, they are distinguished by their reliance on complex routing paths and misconfigured spoofing defenses. Notably, this technique does not affect organizations whose Microsoft Exchange MX records point to Office 365, as those tenants are protected by built-in spoofing detection.

Because these phishing emails appear to be sent internally, they may be particularly convincing. If credentials are compromised, attackers can carry out data theft, business email compromise (BEC) attacks, or financial fraud, potentially resulting in significant remediation efforts or monetary losses. While Microsoft blocks most of these attempts, organizations can further reduce their risk by correctly configuring spoofing protections and third-party connectors to prevent such messages from reaching user inboxes.

Attackers are seen exploiting these routing scenarios and shares insights from observed attacks. It includes concrete examples, technical analysis of phishing emails, spoofing configurations, and email headers to help identify this attack vector.

er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Almost half of Indian companies build SOCs to enhance cybersecurity

Almost half of Indian companies build SOCs to enhance cybersecurity

India’s cyber resilience needs a clean recovery reset, says Dell Technologies and CSAI

India’s cyber resilience needs a clean recovery reset, says Dell Technologies and CSAI

Sophos launches browser-based security platform for hybrid work environments

Sophos launches browser-based security platform for hybrid work environments

SOFTWARE
View All
Entri and Udemy partner to deliver job-ready learning in multiple Indian languages

Entri and Udemy partner to deliver job-ready learning in multiple Indian languages

Elastic announces general availability of agent builder with expanded capabilities

Elastic announces general availability of agent builder with expanded capabilities

GlobalLogic and Elektrobit deepen collaboration to drive software-defined vehicle development

GlobalLogic and Elektrobit deepen collaboration to drive software-defined vehicle development

START - UP
View All
FaceOff: The Data Lineage Company Towards Trusted, Secure and Privacy-First Data Ecosystems

FaceOff: The Data Lineage Company Towards Trusted, Secure and Privacy-First Data Ecosystems

Neokred CEO Rohith Reji secures consecutive Forbes 30 under 30 honors

Neokred CEO Rohith Reji secures consecutive Forbes 30 under 30 honors

12 Made-in-India Foundation Models Powering the India AI Impact Transformation

12 Made-in-India Foundation Models Powering the India AI Impact Transformation

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
FaceOff as a Specialized Data Lineage Firm

FaceOff as a Specialized Data Lineage Firm

Manupatra launches AI-powered search platform to transform legal research in India

Manupatra launches AI-powered search platform to transform legal research in India

Samsung previews AI-powered WindFree ACs for smarter, energy-efficient home cooling in India

Samsung previews AI-powered WindFree ACs for smarter, energy-efficient home cooling in India

Infineon and NIELIT to strengthen India's semiconductor ecosystem

Infineon and NIELIT to strengthen India's semiconductor ecosystem

Aurionpro expands presence in India's banking sector

Aurionpro expands presence in India's banking sector

Power Shortage Threatens Data Center Growth Forecasts

Power Shortage Threatens Data Center Growth Forecasts

TCS Automotive Digital Twindex launched at CES 2026

TCS Automotive Digital Twindex launched at CES 2026

LTSCT and Andes Technology sign strategic IP Licensing Master Agreement

LTSCT and Andes Technology sign strategic IP Licensing Master Agreement

NXP launches UCODE X for high-volume RAIN RFID applications

NXP launches UCODE X for high-volume RAIN RFID applications

Apple Designer Behind iPhone Air Moves to Rising AI Startup

Apple Designer Behind iPhone Air Moves to Rising AI Startup

dsf