Microsoft has revealed a massive phishing campaign that targeted more than 35,000 users across 26 countries, leaving thousands of organisations at risk.
The cyber attack mainly focused on healthcare, finance, technology, and professional service sectors. According to Microsoft, hackers used fake company-style emails and smart tricks to steal passwords, login details, and even bypass multi-factor authentication systems.
How This Dangerous Scam Worked
The phishing attack looked extremely real. Microsoft said attackers created emails that looked like official company notices. Some messages appeared as compliance warnings, while others looked like urgent workplace updates or code of conduct reminders.
People receiving these emails were pushed to act quickly. That pressure made many users click attached PDF files without thinking too much. Once clicked, the files redirected users to fake login pages controlled by cyber criminals.
The fake pages looked nearly identical to real sign-in portals. Many users reportedly entered their usernames and passwords, believing they were accessing official company systems.
Hackers Used Smart New Tricks
What made this campaign more dangerous was the advanced setup used by attackers. Microsoft explained that hackers added CAPTCHA screens and verification pages before victims reached the fake login portals.
This made the websites appear more trustworthy. It also helped attackers avoid automated security systems that normally detect suspicious websites quickly.
Cyber criminals also used adversary-in-the-middle (AiTM) techniques, in which the attacker's page sits between the victim and the real sign-in service and relays the login as it happens. This method allowed them to capture login credentials and authentication tokens in real time. In some cases, they could even bypass multi-factor authentication protection.
That means even users who had extra security enabled were still at risk.
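As an added illustration (not from Microsoft's report or this article), the Python below shows one signal security teams can look for after the kind of token theft described above: a session reused from a different IP address and a different client shortly after the MFA-backed sign-in that created it. The event fields, the sample records and the 30-minute window are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real logs). Field names are
# assumptions; map them to your identity provider's log export.
EVENTS = [
    {"time": "2025-01-10T09:00:05", "user": "alice@example.com", "session": "s-101",
     "ip": "198.51.100.7", "agent": "Edge/Windows", "mfa": True},
    {"time": "2025-01-10T09:04:40", "user": "alice@example.com", "session": "s-101",
     "ip": "203.0.113.50", "agent": "python-requests", "mfa": False},
    {"time": "2025-01-10T10:00:00", "user": "bob@example.com", "session": "s-202",
     "ip": "192.0.2.10", "agent": "Chrome/macOS", "mfa": True},
    {"time": "2025-01-10T10:20:00", "user": "bob@example.com", "session": "s-202",
     "ip": "192.0.2.10", "agent": "Chrome/macOS", "mfa": False},
    # Same client on a new network (e.g. a phone roaming): not flagged.
    {"time": "2025-01-10T11:00:00", "user": "carol@example.com", "session": "s-303",
     "ip": "192.0.2.77", "agent": "Safari/iOS", "mfa": True},
    {"time": "2025-01-10T11:10:00", "user": "carol@example.com", "session": "s-303",
     "ip": "198.51.100.99", "agent": "Safari/iOS", "mfa": False},
]


def find_token_replay(events, window=timedelta(minutes=30)):
    """Return alerts for sessions reused from a new IP *and* a new client
    within `window` of the MFA-satisfied sign-in that created them."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session"]].append(ev)

    alerts = []
    for session, evs in by_session.items():
        evs.sort(key=lambda e: datetime.fromisoformat(e["time"]))
        origin = next((e for e in evs if e["mfa"]), None)
        if origin is None:
            continue  # no MFA-backed sign-in seen; nothing to compare against
        start = datetime.fromisoformat(origin["time"])
        for ev in evs:
            delta = datetime.fromisoformat(ev["time"]) - start
            if (timedelta(0) < delta <= window
                    and ev["ip"] != origin["ip"] and ev["agent"] != origin["agent"]):
                alerts.append({"user": ev["user"], "session": session,
                               "origin_ip": origin["ip"], "replay_ip": ev["ip"]})
                break  # one alert per session is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_token_replay(EVENTS):
        print(alert)
```

Requiring both the IP and the client to change keeps ordinary network changes from raising alerts, at the cost of missing a replay that copies the victim's user agent.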
Which Sectors Were Hit The Most
Microsoft said over 13,000 organisations were targeted during this campaign. Healthcare institutions, banks, technology companies, and professional firms were among the biggest targets.
These sectors often store highly sensitive data, making them valuable for cyber criminals. A successful phishing attack can expose financial records, medical information, employee data, and internal company systems.
Security experts say attacks like these are growing because remote work and digital communication have increased heavily in recent years.
Why Experts Are Concerned
Cybersecurity experts believe phishing scams are no longer simple fake emails filled with spelling mistakes. Modern phishing attacks now look polished, professional, and extremely believable.
Hackers are also using QR codes, fake verification systems, and cloned websites to trick users more easily. Microsoft reported a sharp rise in CAPTCHA-based phishing and QR code scams recently.
Many companies now fear that employees may unknowingly give away login details even after security training. That is why this campaign has created serious concern across industries.
How People Can Stay Safe
Experts say users should avoid opening unexpected attachments, especially PDF files sent through suspicious emails. It is also important to check sender addresses carefully before clicking links.
People should never enter passwords on websites reached through email redirects unless they are fully sure about the source. Security teams are also advising companies to use stronger phishing detection tools and employee awareness training.
Microsoft has not revealed who exactly was behind this campaign yet, but investigations are continuing.
The latest warning clearly shows cyber attacks are becoming smarter every month. What once looked easy to identify now feels almost impossible for many users to detect quickly.

