This phishing site looked exactly like the Microsoft authentication site, except for the web address. Nothing further from the truth, since the victim was actually redirected to the redirector's site, where the malware could have been fixed. The hackers used emails with HTML attachments that were sent to multiple recipients in the organization, in which the recipients were informed that they had a voice message.įrom there, clicking to view the included attachment will open the HTML file in the user's default browser, informing the specific user that the voice message is being downloaded. The aforementioned major cyberattack targeted Office 365 users and spoofed the Office Online Authentication page using proxies. The cybercriminals involved in this scheme used man-in-the-middle (AiTM) phishing sites to facilitate the theft of passwords and associated session data.Īs a result, this allowed attackers to bypass multi-factor authentication protection to gain access to users' mailboxes and launch subsequent attacks using corporate email compromise campaigns against other targets.
Microsoft experts uncovered a new phishing campaign Yes, that's a lot of goals, and we're going to expand on that and tell you exactly what to look out for when using Office. We've already talked about a similar phishing campaign targeting Office 365 users late last year, which is a sign that attackers won't give up. You may not know it yet, but Microsoft's top security researchers and engineers have actually stumbled upon a massive phishing attack targeting more than 10 organizations since September 000. We haven't touched on the topic of malware and cyberattacks for a while, so we're going to get back on that horse and blow the whistle. 68 New Office 365 phishing campaign uses multi-factor authentication
0 kommentar(er)
