Hackers Exploit Microsoft Copilot for Advanced Phishing Attacks

Hackers have been targeting Microsoft Copilot, a newly launched Generative AI assistant, to carry out sophisticated phishing attacks.

According to a report by Cofense, this campaign highlights the risks associated with the widespread adoption of Microsoft services and the challenges that come with introducing new technologies to employees.

Microsoft Copilot, similar to OpenAI’s ChatGPT, is designed to assist users with tasks such as transcribing emails and drafting documents in Microsoft Word.

[Figure: Email Body]

However, its novelty has created an environment where employees may not be fully familiar with its features, making them more susceptible to phishing attempts.

The Phishing Campaign

  1. Invoice Spoofing: Hackers send spoofed emails that appear to come from “Co-pilot,” often with fake invoices for services. Since Copilot is relatively new, employees may be unsure about their financial obligations, increasing the likelihood of interaction with these malicious emails. The emails are designed to closely resemble official communication, making it difficult for users to discern their legitimacy.
     [Figure: Welcome Page]
  2. Sign-in Page Spoofing: Upon clicking the link in the email, users are directed to a fake sign-in page that mirrors the layout of Microsoft Copilot. This page is designed to lead users to believe they are accessing a payment dashboard, further convincing them that the process is legitimate. However, the URL reveals the page is not hosted on a genuine Microsoft domain, but rather on a domain like “ubpages.com.”
     [Figure: Phishing Page]
  3. Credential Harvesting: The phishing site then prompts users for their login credentials in a convincing manner, using extensive Microsoft branding to legitimize the experience. A key indicator of fraud is the lack of a password recovery option, as threat actors cannot facilitate legitimate password resets.
  4. Multi-factor Authentication Spoofing: After the credentials are entered, users are redirected to a fake Microsoft Authenticator multi-factor authentication (MFA) page. This serves to delay the user, potentially allowing the threat actors time to exploit the stolen credentials before they can be changed.
     [Figure: Authentication Page]
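
The lure described above pairs a “Co-pilot” sender name with a link hosted outside Microsoft's domains. As an added example (not from the Cofense report or the original article), this Python check flags that mismatch in a message, including lookalike hosts that merely contain a Microsoft domain; the trusted-domain list is an illustrative assumption and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: illustrative, non-exhaustive allowlist of Microsoft-owned domains.
TRUSTED_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com", "live.com"}
BRAND_RE = re.compile(r"co-?pilot|microsoft", re.IGNORECASE)  # also matches "Co-pilot"
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (hypothetical hosts on reserved example domains).
SAMPLE = """From: Co-pilot <billing@mail.example>
To: user@corp.example
Subject: Your invoice is ready

View invoice: https://copilot-billing.example.net/signin
Lookalike: https://login.microsoftonline.com.example.net/auth
Help: https://support.microsoft.com/
"""


def is_trusted_host(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def review_message(raw):
    """List (kind, host) findings for mail that uses the brand but points elsewhere."""
    msg = message_from_string(raw)
    display_name, address = parseaddr(msg.get("From", ""))
    if not BRAND_RE.search(display_name + " " + msg.get("Subject", "")):
        return []  # message does not claim to be from Copilot or Microsoft
    findings = []
    sender_domain = address.rpartition("@")[2]
    if not is_trusted_host(sender_domain):
        findings.append(("sender", sender_domain))
    # Collect text from every text/* part so HTML bodies are scanned too.
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "\n".join(p.get_payload(decode=True).decode(errors="replace") for p in parts)
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if not is_trusted_host(host):
            findings.append(("link", host))
    return findings


if __name__ == "__main__":
    for kind, host in review_message(SAMPLE):
        print(f"{kind}: {host} is not a trusted Microsoft domain")
```

Matching on a dot boundary is what keeps a host such as `login.microsoftonline.com.example.net` from passing as a Microsoft domain.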

To combat these threats, companies need to educate employees about their use of new services like Microsoft Copilot.

This includes communicating whether these services are provided free of charge or will incur costs.

IT departments should distribute guidance that includes visual examples of legitimate communications to help employees identify potential phishing attempts.

By ensuring that employees are well-informed and aware of the official communications they should expect from Microsoft, workplaces can significantly reduce the risk of falling prey to such sophisticated phishing attacks.

As technology continues to evolve and incorporate more AI tools, vigilance and education are critical components in maintaining digital security.

The exploitation of Microsoft Copilot by hackers underscores the importance of keeping employees informed about the tools and services they use.

As businesses adopt more advanced technologies, they must also prioritize cybersecurity education to protect against emerging threats.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
