Cybercriminals are increasingly weaponizing legitimate Microsoft infrastructure to bypass security filters and trick users into falling for Telephone-Oriented Attack Delivery (TOAD) scams. By abusing the default .onmicrosoft.com When domains are assigned to Azure tenants, attackers send malicious invites that appear to originate from trusted Microsoft addresses. The attack vector is deceptively simple yet highly effective. […]
Hackers Exploiting .onmicrosoft.com Domains to Launch TOAD Scam Attack
Related articles