The new Microsoft 365 login pages are fake

The new login interface for Azure AD and Microsoft 365 services was changed in late February of this year, and launched in late April. According to Microsoft, the purpose of changing this interface is to reduce bandwidth requirements to download Azure AD login pages, and also help users easily identify the home page interface and avoid phishing pages in the old Microsoft interface.

In response to this move, phishing activities began a new campaign with multiple login sites that looked similar to Microsoft's login pages. In an article on Microsoft Twitter announced that: 'Office 365 ATP data shows that the attackers have started to fake the new Azure AD login page. We have seen several phishing websites used in these campaigns. ' This shows that the adaptation of phishing activities is very quick and sophisticated, they easily make their attacks extremely convincing in front of users. And from there the victim will be easily fooled into clicking on fake attachments and revealing personal information.

According to Microsoft, this is not the only offensive campaign targeting Azure AD and Microsoft 365, another series of high-profile phishing attacks were recorded when they forged messages of Microsoft Teams application to collect. Office 365 login information from tens of thousands of victims.

Microsoft's Sway service was also impersonated in a phishing campaign called PerSwaysion to trick recipients into sending their Office 365 credentials.