by Liam Tung at ZDNet
Microsoft has warned Office 365 customers that they’re being targeted by a widespread phishing campaign aimed at nabbing usernames and passwords.
The ongoing phishing campaign is using multiple links; clicking on them results in a series of redirections that lead victims to a Google reCAPTCHA page that leads to a bogus login page where Office 365 credentials are stolen.
This particular attack relies on an email sales and marketing tool called ‘open redirects’, which has been abused in the past to redirect a visitor from a trustworthy destination to a malicious site. Google doesn’t rate open redirects for Google URLs as a security vulnerability, but it does display a ‘redirect notice’ in the browser.
Microsoft warns this feature is being used by the phishing attackers.
“However, attackers could abuse open redirects to link to a URL in a trusted domain and embed the eventual final malicious URL as a parameter. Such abuse may prevent users and security solutions from quickly recognizing possible malicious intent,” the Microsoft 365 Defender Threat Intelligence Team warns.
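The pattern Microsoft describes (a link on a trusted domain whose query string carries the real, untrusted destination) can be spotted by parsing alone, before anyone clicks. The following is an added example written for this page, not code from ZDNet or Microsoft: it walks a link's query parameters looking for embedded absolute URLs, follows such chains without touching the network, and labels the link the way a mail filter or a link-hover helper might. The allow-list `TRUSTED_HOSTS` and every hostname in `SAMPLE_LINKS` are constructed placeholders.

```python
from typing import List, Optional
from urllib.parse import urlparse, parse_qs

# Constructed allow-list for the example: hosts an organisation treats as
# trusted senders of links (assumption; not from the article).
TRUSTED_HOSTS = {"example-marketing.test", "www.google.com"}


def embedded_url(link: str) -> Optional[str]:
    """Return the first query-parameter value that is itself an absolute
    http(s) URL whose host differs from the link's own host, else None.
    That shape (trusted host carrying a foreign URL as a parameter) is the
    open-redirect abuse the article describes."""
    outer = urlparse(link)
    for values in parse_qs(outer.query).values():
        for value in values:          # parse_qs has already percent-decoded once
            inner = urlparse(value)
            if inner.scheme in ("http", "https") and inner.hostname \
                    and inner.hostname != outer.hostname:
                return value
    return None


def resolve_redirect_chain(link: str, max_depth: int = 5) -> List[str]:
    """Follow embedded URLs purely by parsing (no network requests) and return
    the hops, starting with the original link. Stops after max_depth embedded
    hops so a crafted chain cannot make the check loop forever."""
    hops = [link]
    while len(hops) <= max_depth:
        nxt = embedded_url(hops[-1])
        if nxt is None:
            break
        hops.append(nxt)
    return hops


def classify_link(link: str) -> str:
    """Label a link 'trusted', 'untrusted', or 'suspicious-open-redirect'
    (a trusted host whose embedded destination ends outside the allow-list)."""
    hops = resolve_redirect_chain(link)
    first_host = urlparse(hops[0]).hostname or ""
    final_host = urlparse(hops[-1]).hostname or ""
    if first_host in TRUSTED_HOSTS and len(hops) > 1 and final_host not in TRUSTED_HOSTS:
        return "suspicious-open-redirect"
    if first_host in TRUSTED_HOSTS:
        return "trusted"
    return "untrusted"


# Constructed sample links; the hostnames are placeholders, not real infrastructure.
SAMPLE_LINKS = [
    "https://www.google.com/search?q=office+365",
    "https://www.google.com/url?q=https%3A%2F%2Flogin-portal.example%2Fsignin",
    "https://example-marketing.test/track?u=https%3A%2F%2Fwww.google.com%2Furl%3Fq%3D"
    "https%253A%252F%252Flogin-portal.example%252Fsignin",
    "https://login-portal.example/signin",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        chain = resolve_redirect_chain(link)
        print(f"{classify_link(link):26} hops={len(chain)} "
              f"final={urlparse(chain[-1]).hostname}")
```

The third sample is the double-hop case the article hints at: a marketing tracker that hands off to a Google redirect that in turn hands off to the credential page. Because `parse_qs` decodes one layer per hop, the nested percent-encoding unwraps naturally as the chain is followed, and the final hostname is what gets compared against the allow-list rather than the reassuring first one a user sees on hover.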
This attack’s trick relies on the advice for users to hover over a link in an email to check the destination before clicking…