Microsoft warns of phishing campaigns targeting Outlook Web App and Office 365 users
According to preliminary statistics from the end of December 2020 to now, more than 400,000 login information of OWA and Office 365 users worldwide has been stolen. In addition, there are signs that this malicious campaign is continuing to scale and sophistication to abuse new legitimate services, with the ultimate goal of bypassing secure email gateways ( Secure Email Gateways - SEGs).
The recently documented attacks are in fact part of a series of phishing campaigns collectively known as the "Compact" Campaign, which has been going on since early 2020.
" Scammers continue to succeed in using compromised accounts on email marketing services, then using these accounts to send malicious emails from legitimate IP domains and ranges", Microsoft security experts said. "They take advantage of legitimate configuration settings to ensure they can send malicious emails, bypass phishing email detection solutions ."
Outdid the SEGs
The attackers behind this phishing campaign stole more than 400,000 Office 365 and Outlook Web Access credentials since last December. Their phishing emails are disguised as announcements from video conferencing services, various security solutions, as well as business support solutions for added legitimacy.
In addition, hackers also used the compromised accounts for the SendGrid and MailGun emailing services, taking advantage of secure email portals to legalize malicious activity, making them listed as worthy domains. trust. This allows a large amount of phishing emails to bypass the SEG security barrier and reach the target's inbox.
When victims click on links embedded in malicious emails, they are immediately redirected to phishing landing pages, designed to impersonate Microsoft login pages.
" In December 2020, the malicious landing page in this campaign impersonated an Outlook Web App service to trick the target into entering their credentials. In January 2021, the fake landing page resumed its replacement. change, impersonate the Office 365 login website to steal the login information of users of this service ', the report from WMC Global pointed out.
As observed by security experts, this fraud is showing signs of increasing, as scammers are also abusing both Amazon's Simple Email Service (SES) and cloud computing platform Appspot ( used to develop and host web applications in Google-managed data centers) to send phishing emails and generate multiple impersonating URLs targeting each target.
You should read it
- [Infographic] How to recognize and prevent Phishing attacks
- How to report phishing emails in Outlook.com
- [Infographic] 4 types of Phishing are easy to trap users
- Outlook on Android is about to add phishing email feature
- Warning: New email phishing tactics appear
- How to identify phishing emails
- Beware of the 7 most common types of spam
- Phishing attack: The most common techniques used to attack your PC
- GitHub is under strong phishing attack, users pay attention to account security
- The only secure email is the text-only email
- What is Office 365 Attack Simulator? How to use it?
- 5 signs to identify phishing websites
Maybe you are interested
Phishing campaign via email, abusing Microsoft Office templates to spread malicious code
New phishing tool targets Microsoft 365 and Gmail accounts
What are Smishing, Phishing and Vishing? How are they different?
5 signs to identify phishing websites
How to turn on Enhanced Phishing Protection on Windows 11 to display warnings when entering passwords into Notepad and websites
How is Computer Vision used to detect phishing attacks?