Saturday, July 11, 14:52

Microsoft Office 365: Customers targeted by phishing campaign!

Microsoft Office 365 customers are the target of a phishing campaign that uses bait emails disguised as notifications from their own company, urging them to update the VPN configuration used to access corporate data during remote work. The phishing emails, which pose as VPN configuration update requests from the company's IT support department, have so far reached the inboxes of up to 15,000 targets, according to researchers at the email security company Abnormal Security. These phishing emails are much more dangerous because of the large percentage of employees who work remotely and use a VPN to connect to corporate resources from home, both to share documents with colleagues and to access corporate servers.

More specifically, the attackers forge the sender's email address in the phishing emails so that it matches the domain of the targeted organization, and embed hyperlinks that, instead of directing recipients to a new VPN configuration, send them to phishing sites designed to steal their Office 365 credentials. Abnormal Security stated that several variants of this attack have been observed across many customers, sent from different sender addresses and from different IP addresses. However, the same payload link was used in all of the attacks, indicating that they were sent by a single attacker who controls the phishing website. These attacks could be very successful in deceiving potential victims, as many recipients may click the link and log in to their Office 365 accounts to avoid losing remote access to the company's servers and files.

The page to which potential victims are directed is a "cloned" Office 365 login page hosted on Microsoft's domain by abusing Azure Blob Storage, and it is accompanied by a valid Microsoft certificate, which makes the phishing attempt much more difficult to detect. Abusing the Azure Blob Storage platform to target Office 365 users is the perfect deception, since the landing pages automatically receive their own secure-page padlock thanks to the wildcard (*) SSL certificate.

Using Azure Blob Storage subdomains for phishing pages is a well-known and very effective tactic that has been reported in the past. These phishing attacks can be easily thwarted by setting up custom Office 365 block rules that take advantage of Office 365 ATP Safe Links to automatically block anything malicious. If you do not set such rules, the only way to make sure that attackers are not trying to steal your credentials while you enter them in an Office 365 login form is to remember that the official login pages are hosted by Microsoft at, live.com and domains.

Finally, last month, Abnormal Security researchers discovered another extremely convincing Office 365 phishing campaign that used "cloned" images from automated Microsoft Teams alerts in an attempt to steal credentials from nearly 50,000 users.
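The check described above (a sign-in link is only trustworthy when its host is an official Microsoft login host, not merely any host carrying a Microsoft certificate) can be automated for mail triage. The following is an added example, not code from the article or from Abnormal Security; the host lists, function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions (not from the article): hosts where Microsoft serves sign-in pages, and
# Azure Storage suffixes under which any tenant can publish content over valid TLS.
OFFICIAL_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
AZURE_STORAGE_SUFFIXES = (".blob.core.windows.net", ".web.core.windows.net")

# Constructed sample message; the storage account name is not a real one.
SAMPLE_EMAIL = """\
From: IT Support <support@example.com>
To: user@example.com
Subject: VPN configuration update
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Your VPN configuration expires today.</p>
<a href="https://constructed-sample.blob.core.windows.net/cfg/index.html">New VPN configuration</a>
<a href="https://login.microsoftonline.com/">Office 365</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every anchor tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href)

def classify_url(url):
    """Classify by exact host, so a padlock or a look-alike prefix proves nothing."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "malformed"
    if parts.scheme != "https" or not host:
        return "not-https"
    if host in OFFICIAL_LOGIN_HOSTS:
        return "official-login"
    if host.endswith(AZURE_STORAGE_SUFFIXES):
        return "azure-storage-hosted"  # customer-controlled content, valid Microsoft cert
    return "other"

def triage_email(raw):
    """Return (url, verdict) for each link in the HTML body of a raw message."""
    body = message_from_string(raw, policy=policy.default).get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    return [(url, classify_url(url)) for url in collector.links]
```

A message that talks about VPN or account access and contains an `azure-storage-hosted` link is a candidate for quarantine or for a block rule of the kind the article mentions.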

