By Eduard Kovacs
Publication Date: 2026-05-05 14:45:00
Microsoft has warned organizations in the United States about a sophisticated phishing campaign that uses a “code of conduct review” theme to lure victims to a malicious website.
The tech giant observed more than 35,000 attempts between April 14 and 16. The malicious emails were received by users across roughly 13,000 organizations in 26 countries, but 92% of the targets were in the US.
Many of the messages were received by users in the healthcare and life sciences, financial services, professional services, and technology and software sectors.
The phishing emails purport to be internal regulatory or compliance messages, with display names such as ‘Team Conduct Report’, ‘Workforce Communications’, and ‘Internal Regulatory COC’, and subject lines such as ‘Reminder: employer opened a non-compliance case log’ and ‘Internal case log issued under conduct policy’.
“Analysis of the sending infrastructure indicated…
