Ethical Hacking News

Malicious Exploitation of Microsoft 365 Admin Portal's Personal Message Field: A Vulnerability to Sextortion Scams

Microsoft 365 Admin Portal has been found vulnerable to abuse by scammers, who use its Personal Message feature to send extortion-themed emails to unsuspecting users. These scams can bypass email security filters due to a limit of 1,000 characters in personal messages, which can be circumvented using browser developer tools. As Microsoft takes steps to prevent such incidents, it is essential for users to remain cautious and report any suspicious activity.

Malicious actors have exploited a vulnerability in Microsoft 365's Personal Message field to send extortion-themed emails.

Sextortion scams, which claim to possess compromising images or videos of an individual, are being sent via the compromised Personal Message field.

The vulnerability was discovered due to the Personal Message field having a character limit of only 1,000 characters, which scammers have found ways to bypass using browser developer tools.

Microsoft has confirmed receipt of reports about these scams and is taking steps to prevent similar incidents in the future.

Users are urged to remain vigilant and report any suspicious emails or messages to the relevant authorities to mitigate this threat.

Microsoft Corporation, a leading provider of productivity software and services, has recently been the subject of criticism for its handling of security vulnerabilities in its popular Microsoft 365 suite. In this latest development, a group of malicious actors has successfully exploited the Personal Message field within the Microsoft 365 Admin Portal to send extortion-themed emails to unsuspecting users. These emails are part of a broader trend of sextortion scams that have gained notoriety online in recent years.

Sextortion scams typically involve scammers claiming that they possess compromising images or videos of an individual, and threatening to share them publicly unless the victim agrees to pay a hefty sum for their "release." The emails often appear to be legitimate communications from Microsoft itself, making it difficult for recipients to discern between genuine messages and those sent by malicious actors.

The source of these extortion emails lies in the Microsoft 365 Admin Portal's Personal Message feature. This feature allows users to send personalized messages to others via email, which can include links or attachments. However, a recent discovery revealed that the Personal Message field has a character limit of only 1,000 characters. Scammers have found ways to bypass this restriction by utilizing browser developer tools to manipulate the

tag's maximum length attribute.<br>
<br>
This manipulation allows malicious actors to send emails with messages exceeding the 1,000-character limit without any truncation issues. The sextortion emails in question typically contain longer paragraphs and detailed explanations of how the victim was compromised, making it difficult for recipients to delete these messages as spam. In an effort to avoid falling prey to such scams, most people have become increasingly vigilant about the content they receive via email.<br>
<br>
Despite Microsoft's efforts to take security seriously, there are still instances where vulnerabilities like this one allow malicious actors to exploit its systems. It is crucial that users remain aware of their surroundings and report any suspicious emails or messages to the relevant authorities.<br>
<br>
Microsoft has confirmed receipt of reports about these sextortion scams sent through the Microsoft 365 Admin Portal and assured that they are taking steps to prevent similar incidents in the future. The company also acknowledged the difficulty of detecting these types of malicious activity, which is why users need to be ever-vigilant and cautious when receiving unexpected emails or notifications.<br>
<br>
Sextortion scams have been a persistent problem since their emergence around 2018, with the most recent versions targeting individuals using Microsoft services like Outlook. In an effort to mitigate this issue, many email security platforms have incorporated spam filtering systems that can detect such malicious messages and quarantine them in separate folders for safe review.<br>
<br>
However, it appears that these measures may not be sufficient to completely eliminate the threat posed by malicious actors exploiting vulnerabilities within Microsoft's systems.<br>
<br>
In a response to a recent inquiry from BleepingComputer.com regarding this issue, a representative from Microsoft expressed gratitude for users bringing such concerns to their attention and stated their intention to take action against security breaches. While the company acknowledges that it cannot perform server-side checks for character lengths of personal messages, they will continue to work on enhancing security measures to protect its customers.<br>
<br>
In an era where technological advancements are constantly being pushed forward, there is a growing recognition of the importance of vigilance and proactive steps in protecting individuals from such threats. It's crucial for users to remain informed about potential risks and stay up-to-date with the latest information regarding these malicious activities.<br>
<br>
<br><br>Related Information:<br><br>
 <li><a href="https://www.bleepingcomputer.com/news/security/microsoft-365-admin-portal-abused-to-send-sextortion-emails/">https://www.bleepingcomputer.com/news/security/microsoft-365-admin-portal-abused-to-send-sextortion-emails/</a></li><br>
<br><font size=1><i>Published: Mon Nov 18 09:46:08 2024 by llama3.2 3B Q4_K_M</i></font></p><br> <p><a href="https://twitter.com/share?ref_src=twsrc%5Etfw" class="twitter-share-button" data-text="Malicious Exploitation of Microsoft 365 Admin Portal's Personal Message Field: A Vulnerability to Sextortion Scams

#Cybersecurity #ITSecurity #InfoSec #CyberNews #Hacking #EthicalHackingNews

@EthHackingNews

" data-url="https://www.ethicalhackingnews.com/articles/Malicious-Exploitation-of-Microsoft-365-Admin-Portals-Personal-Message-Field-A-Vulnerability-to-Sextortion-Scams-ehn.shtml" data-show-count="false"></a><br><br><script type="IN/Share" data-url="https://www.ethicalhackingnews.com/articles/Malicious-Exploitation-of-Microsoft-365-Admin-Portals-Personal-Message-Field-A-Vulnerability-to-Sextortion-Scams-ehn.shtml" style="vertical-align:top;zoom:1;*display:inline"></script><br><br></p><p>  <div class="fb-share-button" data-href="https://www.ethicalhackingnews.com/articles/Malicious-Exploitation-of-Microsoft-365-Admin-Portals-Personal-Message-Field-A-Vulnerability-to-Sextortion-Scams-ehn.shtml" data-width="" data-layout="" data-action="" data-size=""  style="vertical-align:top;zoom:1;*display:inline;"></div> </p>

</section>
</div>
<br><br> <center><div id="update_area"></div></center><br><br>
<br><center>

<a href="https://twitter.com/share?ref_src=twsrc%5Etfw" class="twitter-share-button" data-text="Ethical Hacking News

#Cybersecurity #ITSecurity #InfoSec #CyberNews #Hacking #EthicalHackingNews

@EthHackingNews

" data-url="https://www.ethicalhackingnews.com" data-show-count="false" style="vertical-align:top;zoom:1;*display:inline"></a>
                  <a href="https://twitter.com/EthHackingNews?ref_src=twsrc%5Etfw" class="twitter-follow-button" data-show-count="false" style="vertical-align:top;zoom:1;*display:inline">Follow @EthHackingNews</a>

</td><td style="vertical-align:middle;">

</td><td style="vertical-align:top;">
        <div style="vertical-align:top;zoom:1;*display:inline"><script type="IN/Share" data-url="https://www.ethicalhackingnews.com"></script></div>
</td></tr></table>

<a href="https://www.facebook.com/EthHackingNews" class="fa fa-facebook"></a>

<a href="https://x.com/EthHackingNews" class="fa fa-twitter"></a>
  
<a href="https://www.linkedin.com/company/ethhackingnews" class="fa fa-linkedin"></a>
<br><br>
<br>© Ethical Hacking News <script>document.write( new Date().getUTCFullYear() );</script>. All rights reserved.</li> <br><br><a href="/privacy.shtml">Privacy</a> | <a href="/tou.shtml">Terms of Use</a> | <a href="mailto:info@ethicalhackingnews.com">Contact Us</a></center><br><br><br>
 <script>
                        if (navigator.userAgent.match(/MSIE/)) {
                                alert("This site does not work with Internet Explorer at this time, you are being redirected to our home page.");
                                window.location = 'https://www.threatperspective.com/';
                        } else {
                              //  document.write('<link rel="stylesheet" type="text/css" href="images/style.css" />');
                        }

/* const divs = Array.from(document.querySelectorAll('div'));

divs.sort((a, b) => {
  //if (!a.id || !b.id) return 0;
  //return parseInt(b.id) - parseInt(a.id);
 if (!a.id || !b.id) return 0; // skip if either div has no ID
  const aId = parseInt(a.id);
  const bId = parseInt(b.id);
  if (isNaN(aId) || isNaN(bId)) return 0; // skip if either ID is not a number
  return bId - aId; // sort in descending order (newest first)
}).forEach((div) => {
   document.getElementById('container').appendChild(div);
  //document.querySelector('.container').appendChild(div);
  //document.body.appendChild(div);
});  */

const timestamp = Date.now();
const threedays = 3600 * 72;
const threedaysago = timestamp - threedays;

const url = window.location.href;
if (!url.includes("articles")&&!url.includes("privacy.shtml")&&!url.includes("tou.shtml")) {
 const divs = Array.from(document.querySelectorAll('div'));

const sortedDivs = divs
  .filter((div) => div.id !== null && !isNaN(parseInt(div.id)) && div.id < threedaysago) // filter out divs without a valid ID
  .sort((a, b) => parseInt(b.id) - parseInt(a.id)); // sort in descending order (newest first)

const container = document.getElementById('container');
container.innerHTML = ''; // clear the container

sortedDivs.forEach((div) => {
  container.appendChild(div);
});
	 }
                        function sendReq() {
                                var url = 'https://dev.threatperspective.org/?war=add_message.war&sender=' + document.requestinfo.sender.value + '&nlsrc=ehn&subject=' + document.requestinfo.subject.value + '&message=' + document.requestinfo.message.value + '';
                                var req = null;
                                if(window.XMLHttpRequest) {
                                        req = new XMLHttpRequest();
                                } else {
                                        alert("XMLHttpRequest Issue!!");
                                }
                                if (navigator.userAgent.match(/MSIE/)) {
                                //ies = IE Sucks!!
                                         req.open('GET', url + '&ies=' + Math.random(), true);
                                } else {
                                        req.open('GET', url, true);
                                }
                                req.send(null);
                                req.onreadystatechange = function() {
                                        if (req.readyState == 4) {
                                        //      if(req.status == 200)  {
                                        //              //alert("Y1");
                                        //      } else {
                                        //              alert("An error occurred: " + req.status);

//      }
                                        }

};
                        }

function addform() {
                                var element = document.getElementById('update_area');
					 var form='Sign up for our newsletter!<br><br><form method="POST" name="requestinfo" action="https://dev.threatperspective.org/" autocomplete="off"> <input name="sender" type="hidden" value="newsletter signup"> <br> <input name="subject" type="text" placeholder="<Your Email Address>">  <input type="hidden" name="message" value="Newsletter Signup"> <input type="hidden" name="nlsrc" value="ehn"> <input type="hidden" name="war" value="add_message.war"> <input type=button name="Submit" value="Submit" onclick="submitform()"><br> </form>';
                                element.innerHTML = form;
                        }

function setCookie(name) {
                                var date = new Date();
                                // Set cookie to expire in 10 days
                                date.setTime(date.getTime() + (10 * 24 * 60 * 60 * 1000));
                                var expires = "; expires=" + date.toUTCString();
				var div = document.getElementById(name);

if (div) {
					var htmlSnippet = "<p>*</p>";
				        var divHtml = div.innerHTML;

if (divHtml.trim().endsWith(htmlSnippet)) {
            					// Remove the snippet from the end
				            	div.innerHTML = divHtml.slice(0, -htmlSnippet.length);
						deleteCookie(name);
					} else {
                                		document.cookie = name + "=" + (name || "") + expires + "; path=/";
						updateEpochDiv(name);
					}

}

function updateEpochDiv(idval) {
				var div = document.getElementById(idval);
        			if (div) {
						 div.innerHTML += "<p>*</p>";
        			}

}

function deleteCookie(name) {
			    // Set the cookie with the name to have an expired date
			    document.cookie = name + "=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/";
			}

function listCookies() {
			    // Get all cookies
			    var cookies = document.cookie.split(';');
			    var cookieList = {};

// Parse each cookie into a key-value pair
			    cookies.forEach(function(cookie) {
			        var parts = cookie.split('=');
			        var name = parts[0].trim();
			        var value = parts[1] ? parts[1].trim() : "";
			        cookieList[name] = value;
			    });

// Check for matching div IDs and add "foo" to their text
			    for (var name in cookieList) {
				updateEpochDiv(name);	
    			    }
			}

listCookies();

</script>
    </body>
  </html>

Today's cybersecurity headlines are brought to you by ThreatPerspective

Malicious Exploitation of Microsoft 365 Admin Portal's Personal Message Field: A Vulnerability to Sextortion Scams