Skip to content
Microsoft Secure

Small businesses targeted by highly localized Ursnif campaign

In social engineering attacks, is less really more? A new malware campaign puts that to the test by targeting home users and small businesses in specific US cities. This was a focused, highly localized attack that aimed to steal sensitive info from just under 200 targets. Macro-laced documents masqueraded as statements from legitimate businesses. The...

Read more

Machine learning vs. social engineering

Machine learning is a key driver in the constant evolution of security technologies at Microsoft. Machine learning allows Microsoft 365 to scale next-gen protection capabilities and enhance cloud-based, real-time blocking of new and unknown threats. Just in the last few months, machine learning has helped us to protect hundreds of thousands of customers against ransomware,...

Read more

Enhancing Office 365 Advanced Threat Protection with detonation-based heuristics and machine learning

Email, coupled with reliable social engineering techniques, continues to be one of the primary entry points for credential phishing, targeted attacks, and commodity malware like ransomware and, increasingly in the last few months, cryptocurrency miners. Office 365 Advanced Threat Protection (ATP) uses a comprehensive and multi-layered solution to protect mailboxes, files, online storage, and applications...

Read more

Combating a spate of Java malware with machine learning in real-time

In recent weeks, we have seen a surge in emails carrying fresh malicious Java (.jar) malware that use new techniques to evade antivirus protection. But with our research team’s automated expert systems and machine learning models, Windows 10 PCs get real-time protection against these latest threats. Attackers are constantly changing their methods and tools. We...

Read more

Tech support scams persist with increasingly crafty techniques

(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, Teaming up in the war on tech support scams.)   Millions of users continue to encounter technical support scams. Data from...

Read more

Tax-themed phishing and malware attacks proliferate during the tax filing season

Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. Learn how machine learning drives next-gen protection capabilities and cloud-based, real-time blocking of new and unknown threats: Machine learning vs. social engineering Tax-themed scams and social engineering...

Read more

Phishers unleash simple but effective social engineering techniques using PDF attachments

Modern social engineering attacks use non-portable executable (PE) files like malicious scripts and macro-laced documents. Every month, Windows Defender AV detects non-PE threats on over 10 million machines. Learn how machine learning drives next-gen protection capabilities and cloud-based, real-time blocking of new and unknown threats: Machine learning vs. social engineering The Gmail phishing attack is...

Read more

Been shopping lately? Fake credit card email can spook you into downloading Cerber ransomware

As the shopping sprees become increasingly frenetic during holiday season, it’s hard not to worry about how much credit card debt we’re piling. Some of us rely on email notifications from our banks to track the damage to our finances. So what happens when we suddenly get notified about charges for things we never bought?...

Read more

Don’t let this Black Friday/Cyber Monday spam deliver Locky ransomware to you

We see it every year: social engineering attacks that take advantage of the online shopping activities around Black Friday and Cyber Monday, targeting customers of online retailers. This year, we’re seeing a spam campaign that Amazon customers need to be wary of. The fake emails pretend to be notifications from the online retailer that a...

Read more

Congratulations! You’ve won $800,000!!

Well, maybe not. But that’s just one of the many ploys that scammers send in their relentless efforts to part people from their money or sensitive personal information like passwords and account numbers. Microsoft is asking people to take a survey of their experience with online fraud—what kinds of scams they’ve encountered (including those on...

Read more