KEY POINTS

  • The phishing campaign disguises itself as a legitimate service like Office 365
  • It uses multiple strategies to evade detection
  • Some bogus login pages even include company logos and branding that make them less suspicious to users

Microsoft has warned Office 365 users about a phishing campaign aimed at stealing their usernames and passwords.

In a security blog published by the Microsoft 365 Defender Threat Intelligence Team, the company warned the public about the phishing attack that puts Office 365 users and organizations at risk. The phishing campaign aims to steal users’ credentials, including passwords.

The phishing attack uses the “open redirect,” an email sales and marketing tool. This is not a new form of attack, as threat actors have previously used open redirects to lead users to a malicious site by disguising it as a trusted site, ZDNet reported.

This time, the phishing campaign uses open redirects in multiple links that lure users into clicking on them. A click on the link redirects the victim to a Google reCAPTCHA page. The victim is then redirected to a bogus login page where the threat actors steal their credentials, including passwords.

The bogus login page is actually an attacker-owned page disguised as a legitimate service like Office 365. The page mimics Microsoft’s single sign-in behavior to prompt the user to enter login credentials.

In many cases, the bogus login pages even include company logos and branding that make them less suspicious to the victims.

Once the unsuspecting victim enters the password, the page automatically refreshes and shows an error message or says the page timed out. This prompts the user to re-enter the details, allowing the attackers to ensure the accuracy of the password they acquired.

The Microsoft 365 Defender Threat Intelligence Team believes that there is a significant potential payoff behind the phishing attack. The team detected 350 unique phishing domains, an indication of how much the threat actors are investing in the scale of the attack.

Microsoft warned that organizations are at risk because 91 percent of cyberattacks are email-generated. The attackers evade detection by using multiple strategies and can even trick users who are trained to inspect emails for malicious artifacts by hovering over links. The actors hide their malicious parameters from plain sight so that traditional email gateway solutions do not detect them.
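
As an added illustration (not taken from Microsoft's report or the original article), the Python example below shows one way a mail filter could surface a redirect target hidden in a link's query parameters, even when it is percent-encoded more than once. The sample links, parameter names and hosts are constructed placeholders, and the same-site check is a simplifying assumption; a production filter would compare registrable domains using the Public Suffix List.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample links; every host and parameter name is a placeholder.
SAMPLE_LINKS = [
    "https://marketing.example.com/track?id=42&url=https%3A%2F%2Flogin.attacker.example%2Fo365",
    "https://marketing.example.com/track?id=42&next=/offers/summer",
    "https://news.example.org/r?u=https%253A%252F%252Fphish.example.net%252Fsignin",
    "https://portal.example.com/out?dest=//cdn.example.com.evil.example/x",
    "https://shop.example.com/go?to=https://help.shop.example.com/faq",
]

def _decode_fully(value, max_rounds=3):
    """Undo nested percent-encoding that hides the target from a quick look."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def _same_site(host_a, host_b):
    """Assumed, naive test: equal hosts, or one is a subdomain of the other."""
    a, b = host_a.lower().rstrip("."), host_b.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def find_offsite_redirects(link):
    """Return (parameter, target_host) for query values that are URLs on another site."""
    parts = urlsplit(link)
    findings = []
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = _decode_fully(raw).strip()
        if value.startswith("//"):          # scheme-relative target
            value = parts.scheme + ":" + value
        try:
            target = urlsplit(value)
        except ValueError:                  # malformed value, not a usable URL
            continue
        if target.scheme in ("http", "https") and target.hostname:
            if not _same_site(parts.hostname or "", target.hostname):
                findings.append((name, target.hostname))
    return findings

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        hits = find_offsite_redirects(link)
        print("FLAG" if hits else "ok  ", link, hits)
```

A flagged link is a prompt for closer inspection rather than proof of phishing, since legitimate marketing trackers also redirect to other sites.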

The company reminded organizations to use a security solution that provides a multi-layered defense to protect their devices from such phishing campaigns.

The high-profile hacks attributed to state-supported groups in Russia and China have prompted calls for the Biden administration to respond to deter cyberattacks and protect cyberspace AFP / NICOLAS ASFOURI