{"id":239474,"date":"2026-05-05T02:35:00","date_gmt":"2026-05-05T06:35:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/05\/microsoft-details-phishing-campaign-targeting-35000-users-across-26-countries\/"},"modified":"2026-05-05T09:00:07","modified_gmt":"2026-05-05T13:00:07","slug":"microsoft-details-phishing-campaign-targeting-35000-users-across-26-countries","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/05\/microsoft-details-phishing-campaign-targeting-35000-users-across-26-countries\/","title":{"rendered":"Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/microsoft-details-phishing-campaign.html\">Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/microsoft-details-phishing-campaign.html\">https:\/\/thehackernews.com\/2026\/05\/microsoft-details-phishing-campaign.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-05 02:35:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens.<\/p>\n<p>The multi-stage campaign, observed between April 14 and 16, 2026, targeted more than 35,000 users across over 13,000 organizations in 26 countries, with 92% of the targets located in the U.S. The majority of phishing emails were directed against healthcare and life sciences (19%), financial services (18%), professional services (11%), and technology and software (11%) sectors.<\/p>\n<p>&#8220;The lures in this campaign used polished, enterprise-style HTML templates with structured layouts and preemptive authenticity statements, making them appear more credible than typical phishing emails and increasing their plausibility as legitimate internal communications,&#8221; the Microsoft Defender Security Research Team and Microsoft Threat Intelligence said.<\/p>\n<p>&#8220;Because the messages contained accusations and repeated time-bound action prompts, the campaign created a sense of urgency and pressure to act.&#8221;<\/p>\n<p>The email messages used in the campaign employ lures related to code of conduct reviews, using display names like &#8220;Internal Regulatory COC,&#8221; &#8220;Workforce Communications,&#8221; and &#8220;Team Conduct Report.&#8221; Subject lines associated with these emails include &#8220;Internal case log issued under conduct policy&#8221; and &#8220;Reminder: employer opened a non-compliance case log.&#8221;<\/p>\n<p>&#8220;At the top of each message, a notice stated that the message had been &#8216;issued through an authorized internal channel&#8217; and that links and attachments had been &#8216;reviewed and approved for secure access,&#8217; reinforcing the email&#8217;s purported legitimacy,&#8221; Microsoft explained.<\/p>\n<p>It&#8217;s assessed that the emails are sent from a legitimate email delivery service. The messages also come with a PDF attachment that purportedly gives additional information about the conduct review, luring victims to click on a link&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/microsoft-details-phishing-campaign.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries https:\/\/thehackernews.com\/2026\/05\/microsoft-details-phishing-campaign.html Publish Date: 2026-05-05 02:35:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":239476,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiAfU-GpnCdjg1P2f40nj2Y7eLLpsjWNa1TnSlNm3m9F7VkOryT5etD2BouMGxbfatdzukMzeCPXsDagasXWNbcwUPJNkDY-sBox3DkrA0bTYjAEOk4JV8OySSD1_Ni2DgEnoWih83X65e9K1foEaEUetNxoyXFJnGx4Np8VQWrZSnxo2UMmR0Y68L-qf0y\/s1600\/ms-hook.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[25],"class_list":["post-239474","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-phishing"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239474"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=239474"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239474\/revisions"}],"predecessor-version":[{"id":239477,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239474\/revisions\/239477"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/239476"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=239474"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=239474"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=239474"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}