Microsoft Warns of Sneaky Phishing Campaign

Microsoft's Security Intelligence team sounds the alarm on a sneaky phishing email campaign with fake sender addresses. The phishing email also cleverly employs various detection evasion techniques to trick most automated filters and users in its attempt to garner Microsoft Office 365 credentials.


The alert was sent after observing an active campaign that was zoning in on Office 365 organizations with convincing emails.

In a statement by Microsoft, "An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters."

Microsoft notes that this campaign is sneakier than usual due to the convincing Microsoft logos with the link posing as a 'file share' request to access bogus reports. However, the main phishing URL relies on a Google storage resource that takes the victim to the Google App Engine domain Appspot. This results in hiding a second URL that directs the victim to a compromised SharePoint site, and thus allowing the attack to bypass sandboxes.

Researchers at Microsoft have published details

Researchers at Microsoft have published details regarding the architectures connected to the spoofed emails mimicking SharePoint and other products for credential phishing. "The operator is also known to use legitimate URL infrastructure such as Google, Microsoft, and Digital Ocean to host their phishing pages," Microsoft added.

Accounting to the FBI

According to the FBI's latest figures, phishing attacks have cost Americans more than $4.2 billion last year. Fraudsters employ business email compromise (BEC) attacks, which rely on compromised email accounts or email addresses that are similar to legitimate ones and are difficult to filter as they blend within normal, expected traffic. BEC attacks are far more costly than high-profile ransomware attacks.


Previous
Previous

Holistic Ransomware Security Approach

Next
Next

What you need to know about CMMC Compliance