Link wrapping attacks on Microsoft 365 accounts
Phishing is becoming increasingly sophisticated — as shown by a recent case made public by Cloudflare. Cyber criminals are combining several techniques to undermine even well-protected systems.
This is how the new attack technique works:
-
Compromised accounts send emails with malicious links.
-
These are shortened in advance using URL shorteners.
-
Security solutions such as Proofpoint or Intermedia then intervene — and wrap the URLs in a supposedly secure link wrapping, i.e. in a trustworthy domain.
-
The recipients do not see any danger at first glance — the attack appears to be “released”.
-
The click leads to deceptively genuine Microsoft 365 login pages that capture login data.
What makes this method so dangerous?
-
Protection systems are tricked because the links appear to be harmless.
-
Recipients do not see a warning because the senders often appear legitimate.
-
Trust in security technologies is being exploited.
What companies should do now:
-
Do not rely on automatic detection.
-
Regularly check the attack surface, even across established services.
-
Use proactive managed security checks such as DEFENDERBOX to simulate attacks and uncover security vulnerabilities before they are exploited.
Because the attackers know your protection mechanisms — and they know how to use them against you.
👉 Do you want to know how your IT security is doing? Find out now here Start cyber check.
Stay vigilant — your IT will stay that way with us.
EN 
DE