A wave of phishing emails aimed at stealing corporate Microsoft Office 365 usernames and passwords is targeting a wide range of organizations and, in an unusual technique, uses captchas to give victims a sense of security.
Captchas are commonly used by online services as a security measure, requiring some kind of human verification, such as ticking a box or identifying specific images, to prevent automated activity by bots. In this case, the cybercriminals are using a series of captchas to aid their campaign.
The purpose of the attack is to steal Microsoft Office 365 usernames and passwords. These could be used to gain access to sensitive information, as a means of breaching the network with ransomware, or even to launch additional attacks against other companies connected to the victim.
The targeted industries are finance, technology, manufacturing, government, pharmaceuticals, and oil and gas.
The campaign was discovered and analyzed by Menlo Security researchers. It uses phishing emails containing links that lead to a web page presented as a Microsoft Office 365 login portal. The attacks are customized according to the selected target.
But instead of sending the potential victim directly to the fake page, the "credential phishing site" hides behind captchas, first requiring the user to confirm that they are not a robot.
This could be an attempt to make the fake login page seem more legitimate because people know that usually a captcha page serves as a security check.
But this is not the only captcha check used by the attackers: a second step asks the user to recognize images of bicycles, and a third step asks them to identify the tiles containing a pedestrian crossing. Only then are they redirected to the fake Office 365 login page.
These additional checks prevent automated services from reaching the phishing web page and potentially identifying it as malicious, and they give the attackers a better chance of stealing login credentials.
"The campaign is very productive," Vinay Pidathala, director of security research at Menlo Security, told ZDNet. "From the data we have, we would characterize it as a successful campaign."
It is not known who is behind this phishing campaign. To help protect against this and other phishing attacks, it is recommended that organizations implement multi-factor authentication and that users be careful when opening links or email attachments, especially if they do not know the sender.