{"id":265,"date":"2026-02-09T15:03:55","date_gmt":"2026-02-09T20:03:55","guid":{"rendered":"https:\/\/freshphish.info\/?p=265"},"modified":"2026-02-09T15:05:25","modified_gmt":"2026-02-09T20:05:25","slug":"toad-sent-through-microsoft","status":"publish","type":"post","link":"https:\/\/freshphish.info\/?p=265","title":{"rendered":"TOAD Sent Through Microsoft"},"content":{"rendered":"\n<p>Just an FYI about a new type of phish we\u2019ve seen over the past couple of months. I implemented a block specifically for this phish. The emails are sourced from Microsoft systems and they link to subdomains in the legitimate onmicrosoft.com domain. Note that even Microsoft appears to be aware of these emails based on the message at the top of the email. The links don\u2019t appear to be malicious per se. The emails are TOADs, providing a phone number to call for a refund scam. That said, I don\u2019t want these emails containing links to potentially dangerous sites in our users mailboxes.<\/p>\n\n\n\n<p>Microsoft &#8220;Invitations&#8221; are sent from &#8220;invites@microsoft.com&#8221;, which is a legitimate Microsoft service so we can&#8217;t just block all of these emails.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"993\" height=\"615\" src=\"https:\/\/freshphish.info\/wp-content\/uploads\/2026\/02\/Untitled-1.png\" alt=\"\" class=\"wp-image-269\" srcset=\"https:\/\/freshphish.info\/wp-content\/uploads\/2026\/02\/Untitled-1.png 993w, https:\/\/freshphish.info\/wp-content\/uploads\/2026\/02\/Untitled-1-300x186.png 300w, https:\/\/freshphish.info\/wp-content\/uploads\/2026\/02\/Untitled-1-768x476.png 768w\" sizes=\"auto, (max-width: 993px) 100vw, 993px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Just an FYI about a new type of phish we\u2019ve seen over the past couple of months. I implemented a<\/p>\n<p><a href=\"https:\/\/freshphish.info\/?p=265\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\">TOAD Sent Through Microsoft<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[12],"tags":[19,4,49],"class_list":["post-265","post","type-post","status-publish","format-standard","hentry","category-phish","tag-microsoft","tag-phish","tag-toad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/freshphish.info\/index.php?rest_route=\/wp\/v2\/posts\/265","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/freshphish.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/freshphish.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/freshphish.info\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/freshphish.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=265"}],"version-history":[{"count":2,"href":"https:\/\/freshphish.info\/index.php?rest_route=\/wp\/v2\/posts\/265\/revisions"}],"predecessor-version":[{"id":270,"href":"https:\/\/freshphish.info\/index.php?rest_route=\/wp\/v2\/posts\/265\/revisions\/270"}],"wp:attachment":[{"href":"https:\/\/freshphish.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/freshphish.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/freshphish.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}