Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Microsoft also has some of the phishiest looking domains when you are redirected around the O365 cloud.


Absolutely, I am so glad I'm not the only person who feels this way. Microsoft does not understand domain names.

They use 1drv.ms as the domain in OneDrive emails, and sometimes it almost looks like the .ms ccTLD belongs to them - it very much doesn't, anyone can register a .ms domain.

windows.net being an Azure domain that third parties can have content under is fitting.

It sometimes looks like they want their users to be phished.

Microsoft is a smart company though, I really hope they can sort this out.


100%. Starting with "onmicrosoft.com". A phisher wouldn't really have to control Microsoft.com to take advantage of confusion.


There were several phishing attempts from that domain, onmicrosoft.com, to my personal email account this past week.


Microsoft.com has been constantly trying to fool me into subscribing to their Office tools.


The only thing that competes is the redirecting when you log into any health portal.


Indeed, take a look at the lists of azure and o365 domains, they're all over the place:

https://learn.microsoft.com/en-us/microsoft-365/enterprise/u...

https://learn.microsoft.com/en-us/azure/security/fundamental...


Yeah. Easy to spot when your session expires - first they're still using login.live.com, just to redirect you to login.microsoftonline.com.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: