‘Phishing campaigns continue to improve sophistication and refinement’: Microsoft flags major ‘sophisticated’ phishing campaign targeting 35,000 users across 26 countries
- Microsoft says a large phishing wave targeted over 35,000 users across 13,000 companies, mostly in the US
- Polished enterprise‑style emails with urgent prompts were used to bypass security checks
- Victims were funneled through PDFs and CAPTCHAs to harvest Microsoft credentials in real time
Microsoft has warned about a large-scale phishing email campaign against primarily US-based organizations.
In a new in-depth report Microsoft said it observed a new campaign between April 14 and 16 2026 targeting more than 35,000 users in 13,000 companies. While the campaign affected 26 countries, more than nine in ten emails (92%) went to US-based organizations.
Firms in the healthcare and life sciences vertical were most affected (19%), followed by financial services (18%), professional services (11%), and technology and software (11%).
Article continues below
PDFs and tokens
“The lures in this campaign used polished, enterprise-style HTML templates with structured layouts and preemptive authenticity statements, making them appear more credible than typical phishing emails and increasing their plausibility as legitimate internal communications,” Microsoft explained in the advisory.
“Because the messages contained accusations and repeated time-bound action prompts, the campaign created a sense of urgency and pressure to act.”
In these emails, the threat actors assumed different identities, such as “Internal Regulatory COC”, “Workforce Communications”, or “Team Conduct Report”. The emails themselves were themed around “internal case logs”, different reminders, and warnings about non-compliance.
“At the top of each message, a notice stated that the message had been ‘issued through an authorized internal channel’ and that links and attachments had been ‘reviewed and approved for secure access,’ reinforcing the email’s purported legitimacy,” Microsoft further added.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The crooks were apparently sending these emails from legitimate services, bypassing traditional protections such as SPF, DKIM, and DMARC. They were also distributing PDF attachments through which they were redirecting victims to malicious landing pages.
People who would open the PDF files and click on the links inside would first be redirected through multiple CAPTCHAs, to create a false sense of legitimacy, and to filter out any bots or otherwise automated scanning activities.
The final step is to harvest Microsoft credentials and tokens in real-time and thus work around multi-factor authentication (MFA).

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Source
Microsoft says a large phishing wave targeted over 35,000 users across 13,000 companies, mostly in the US Polished enterprise‑style emails with urgent prompts were used to bypass security checks Victims were funneled through PDFs and CAPTCHAs to harvest Microsoft credentials in real time Microsoft has warned about a large-scale phishing…
Recent Posts
- Dave Eggers told OpenAI staff that ChatGPT was ‘silencing an entire generation’
- France doubles down on restricting access to Polymarket
- Apple has banned home service content on upcoming Maps ads
- Google might not kneecap the Pixel 11a with an old processor
- How to watch France vs England: Free Streams, TV Channels & Kick-Off time for FIFA World Cup 2026 third place play-off
Archives
- July 2026
- June 2026
- May 2026
- April 2026
- March 2026
- February 2026
- January 2026
- December 2025
- November 2025
- October 2025
- September 2025
- August 2025
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023