---
title: "Cybersecurity News, Exchange Zero-Days Evaded, Fake Email Scam, Report Teams Phishing | DMARC Report"
description: "As ISPs adopt stricter email policies, senders without authentication will face difficulties with email deliveries; this is especially impactful for smaller."
image: "https://dmarcreport.com/og/blog/news-zero-days-email-scam-phishing.png"
canonical: "https://dmarcreport.com/blog/news-zero-days-email-scam-phishing/"
---

Quick Answer

As ISPs adopt stricter email policies, senders without authentication will face difficulties with email deliveries; this is especially impactful for smaller businesses that rely on shared IPs. Even with robust email authentication standards, threat actors find workarounds to target businesses through email-borne threats. Here are the latest news headlines to keep you updated on these threats.

Related: [Free DMARC Checker](/tools/dmarc-checker/) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fnews-zero-days-email-scam-phishing%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20News%2C%20Exchange%20Zero-Days%20Evaded%2C%20Fake%20Email%20Scam%2C%20Report%20Teams%20Phishing&url=undefined%2Fblog%2Fnews-zero-days-email-scam-phishing%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fnews-zero-days-email-scam-phishing%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fnews-zero-days-email-scam-phishing%2F&title=Cybersecurity%20News%2C%20Exchange%20Zero-Days%20Evaded%2C%20Fake%20Email%20Scam%2C%20Report%20Teams%20Phishing "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20News%2C%20Exchange%20Zero-Days%20Evaded%2C%20Fake%20Email%20Scam%2C%20Report%20Teams%20Phishing&body=Check out this article: undefined%2Fblog%2Fnews-zero-days-email-scam-phishing%2F "Share via Email") 

![Cybersecurity News, Exchange Zero-Days Evaded, Fake Email Scam, Report Teams Phishing](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-report-4236.jpg) 

As ISPs adopt stricter email policies, senders without authentication will face difficulties with email deliveries; this is especially impactful for smaller businesses that rely on shared IPs. Even with robust email authentication standards, threat actors find workarounds to target businesses through email-borne threats. Here are the latest news headlines to keep you updated on these threats.

> The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.

\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.

## \*\*Threat Actors Bypass Mitigation For Exchange Zero-Days Vulnerabilities, Microsoft Issues New Workarounds Microsoft recently updated its mitigation strategies for the Exchange Server’s newly[ discovered](https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/) and actively exploited zero-day flaws after discovering that malicious actors trivially bypassed them. The two vulnerabilities, CVE-2022-41040 and CVE-2022-41082, are codenamed ProxyNotShell because they resemble another set of flaws called ProxyShell, which Microsoft resolved last year.

Attackers are abusing the shortcomings and executing in-the-wild attacks to gain remote code execution on victimized servers with elevated privileges. Furthermore, it leads to the deployment of web shells.

The Windows maker, yet to release a fix for the bugs, recently acknowledged that a state-sponsored threat actor might be weaponizing the flaws since August 2022\. Consequently, Microsoft revised the URL Rewrite rule (available as a standalone PowerShell script) as a workaround:

- Open IIS Manager
- Select Default WebSite
- Click URL Rewrite in the Feature View
- Click Add Rule(s) in the right-hand side Actions pane
- Click on Request Blocking and click OK
- Add the string .\*autodiscover.json._Powershell._ (excluding quotes)
- Under “Using”, Select Regular Expression
- Under “How to block”, select Abort Request and then click OK
- Expand the rule, selecting the rule with the pattern: .\*autodiscover.json._Powershell._
- Click “Edit” under Conditions
- Change the Condition input, from {URL} to {REQUESTURI}
![Dmarc record](https://media.mailhop.org/dmarcreport/images/2022/10/dmarc-record-7636.jpg) 

## \*\*Scammers Pose as Singapore Prime Minister in a Fake Email Scam Scammers are sending out fake emails, reportedly posing as Prime Minister Lee Hsien Loong, as they target high-profile personalities, including government officials, in pushing various scams. On October 3, 2022, PM Lee posted a photo of the email, which the threat actors had[ designed to look like](https://www.thestar.com.my/tech/tech-news/2022/10/03/scammers-target-spore-prime-minister-in-fake-email-scam) it came from the Prime Minister’s Office.

“The content of the emails varies, the example in this email thanks the recipient for their valued contributions to Singapore,” Lee added. The scammers are relentless, and Lee advised people who receive such emails to ignore them and not forward them to friends or family. “We must stay extra careful and vigilant. If in doubt, you should check before proceeding,” PM Lee said.

Singapore police had earlier warned the public in June to stay vigilant against fake articles that show the Prime Minister endorsing cryptocurrency auto-trading programs. The articles, usually paid advertisements, act as “clickbait” and redirect users to malicious websites when they click on links embedded in these articles.

## \*\*Microsoft to Allow Office 365 Users to Report Teams Phishing Messages Microsoft is actively working on updating Microsoft Defender for Office 365 and allowing employees using Microsoft Teams to alert their organization’s security team if they receive any malicious messages. Microsoft Defender for Office 365 (formerly Office 365 ATP) shields enterprises from malicious threats from email links, messages and collaboration tools.

The in-development feature will[ allow](https://www.bleepingcomputer.com/news/microsoft/microsoft-to-let-office-365-users-report-teams-phishing-messages/?&web%5Fview=true) the admins to filter potentially malicious messages targeting users with payloads or redirecting them to phishing websites. “End users can soon report suspicious Microsoft Teams messages as security threats, similar to emails. Thus, they can help the enterprise to protect itself from attacks through Microsoft Teams,” the team explained on the Microsoft 365 roadmap.

The latest user reporting capability is in preview and might roll out to standard multi-tenants till January 2023, end to web and desktop clients worldwide.

Latest Defender for Office 365 security enhancements: The latest Defender for Office 365 capability builds upon Microsoft announced improvements in July 2021, enabling Microsoft Teams to block phishing attempts automatically.

Microsoft achieved the milestone when it extended Defender for Office 365 Safe Links protection to Teams to help protect users from malicious URL-based phishing attacks.

Microsoft explained that the “Defender for Office 365’s Safe Links scan URLs when a user clicks on it and ensures they are protected with Microsoft Defender’s latest intelligence.”

Built-In Protection patches gaps in organizational protection coverage and is designed to improve the security posture by drastically reducing the breach risk.

![Dmarc check](https://media.mailhop.org/dmarcreport/images/2022/10/dmarc-check-7637.jpg) 

## \*\*Malicious Actors Put Latin American Security Agencies on Edge According to Mexico’s President, many emails from Mexico’s Defense Department are among the electronic communications stolen by a group of hackers from police and military agencies across various Latin American countries. President Andrés Manuel López Obrador acknowledged the breach after the Chilean government announced last week that emails were stolen from its Joint Chiefs of Staff.

The Mexican President spoke at the daily news conference, responding to a local media report that the breach revealed details about the President’s health scare [in January](https://www.securityweek.com/hack-puts-latin-american-security-agencies-edge?&web%5Fview=true). López Obrador downplayed the attack, saying, “there’s nothing unknown about me.” He added that the breach occurred during a change in the Defense Department systems.

On the other hand, Chile was so concerned about the breach that it summoned its defense minister back from the US last week, who had gone there to attend the United Nations General Assembly, accompanying President Gabriel Boric.

The ten terabytes of data stolen by the threat actors include emails from Colombia, El Salvador, Peru’s militaries, and El Salvador’s National Police. The Mexican data portion appeared to be the largest.

A group of self-described, anonymous social justice warriors calling themselves Guacamaya say they launch hacking campaigns to expose corruption and injustice in defense of Indigenous people. Hackers with the same name previously attacked and released the emails of a mining company accused of environmental and human rights abuses in Guatemala.

## \*\*Final Words The increased significance of email authentication results from the continued use of email by adversaries as a platform for spam, fraud and spoofing. As evident from the stories above, tech giants like Microsoft are taking robust measures to protect their users from phishing and spam emails. The increased necessity for email authentication for successful delivery is a part of that combined effort.

## Topics

[ DMARC ](/tags/dmarc/) 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

## Take control of your DMARC reports

Turn raw XML into actionable dashboards. Start free - no credit card required.

[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) 

## Related Articles

[  Foundational 8m  10 Critical Learnings From Verizon’s 2021 DBIR - A DMARCReport Perspective  Nov 25, 2025 ](/blog/10-critical-learnings-from-verizons-2021-dbir-a-dmarcreport-perspective/)[  Foundational 12m  10 DNS Blacklist Insights That Improve Email Security And Deliverability Fast  Nov 14, 2025 ](/blog/10-dns-blacklist-insights-to-improve-email-security-and-deliverability/)[  Foundational 12m  10 Email Spoofing Detection Tools That Dramatically Improve Brand Protection  Nov 11, 2025 ](/blog/10-email-spoofing-detection-tools-that-dramatically-improve-brand-protection/)[  Foundational 12m  10 Reasons SPF Filtering Is Critical For Email Security  Nov 19, 2025 ](/blog/10-reasons-spf-filtering-is-critical-for-email-security/)

```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity News, Exchange Zero-Days Evaded, Fake Email Scam, Report Teams Phishing","description":"As ISPs adopt stricter email policies, senders without authentication will face difficulties with email deliveries; this is especially impactful for smaller.","url":"https://dmarcreport.com/blog/news-zero-days-email-scam-phishing/","datePublished":"2022-10-26T05:41:01.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2022-10-26T05:41:01.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/news-zero-days-email-scam-phishing/"},"articleSection":"foundational","keywords":"DMARC","wordCount":1047,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-report-4236.jpg","caption":"Cybersecurity News, Exchange Zero-Days Evaded, Fake Email Scam, Report Teams Phishing","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Cybersecurity News, Exchange Zero-Days Evaded, Fake Email Scam, Report Teams Phishing","item":"https://dmarcreport.com/blog/news-zero-days-email-scam-phishing/"}]}
```