National Cyber Directorate Warns of Microsoft-Impersonation Phishing Campaign

Israel’s National Cyber Directorate issued an urgent warning on Sunday after a wave of sophisticated phishing messages impersonating Microsoft services, especially Microsoft Teams and Power BI. The messages have been spreading widely in recent days and invite recipients to view a shared document or approve access to a file, but the real goal is to steal login credentials and take over accounts.

According to the directorate, the fake messages appear to come from familiar Microsoft services and include a link to a counterfeit login page. That page asks users to enter an authentication code or approve a sign-in, which sends the credentials to the attackers. Officials said the campaign is especially dangerous because it exploits the trust millions of Israelis place in Microsoft for work and personal use.

The fraudulent emails and messages look convincing, with Microsoft logos, polished design and apparently authentic email addresses. The link leads to a page that closely imitates Microsoft’s real sign-in screen, and only careful inspection of the website address can expose the scam. The directorate said a similar campaign was recently seen on WhatsApp using fake messages that appeared to come from the Israeli food company Tnuva.

The warning listed several signs of impersonation, including unexpected messages, urgent requests to approve access or enter a code, suspicious links that do not end in microsoft.com, and login prompts opened from a link. Officials stressed that even if a message appears to come from someone known, that account may have been compromised. The agency advised users not to click unexpected links, not to enter authentication codes or login details, not to approve unrequested access, and to verify suspicious requests through a separate communication channel. In a statement, the directorate said, “We are seeing a significant increase in sophisticated phishing attacks impersonating familiar services. The public must remain alert and act cautiously whenever asked to enter login details or verification codes.”