ADVERTISEMENT

Your domain, their bait: Microsoft warns businesses on internal email phishing loopholes

Threat actors are abusing routing configurations and improperly set spoofing protections to impersonate an organization’s own domain, sending phishing emails that appear to originate from internal sources, Microsoft has warned.

microsoft-phishing-domains

Image by Cybernews.

Gintaras Radauskas
Gintaras Radauskas Senior Journalist
Jan 8, 2026 2 min read
jurgita justinasv Izabelė Pukėnaitė vilius Ernestas Naprys Gintaras Radauskas
Don't miss our latest stories on Google News. Add us as your Preferred Source on Google
Add us as your Preferred Source on Google.
ADVERTISEMENT
The vast majority of phishing campaigns that leverage this approach are using the Tycoon 2FA PhaaS kit.
Has my data been leaked?

ADVERTISEMENT