1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft warns Office 365 users over this sneaky phishing campai

    From TechnologyDaily@1337:1/100 to All on Tue Aug 3 23:30:03 2021
    Microsoft warns Office 365 users over this sneaky phishing campaign

    Date:
    Tue, 03 Aug 2021 22:19:36 +0000

    Description:
    Ongoing phishing attack is cleverly disguised to bypass filters and casual scrutiny, Microsoft warns.

    FULL STORY ======================================================================

    Microsoft's Security Intelligence team has shared details about an ongoing phishing email scam that cleverly employs various detection evasion
    techniques to trick most automated filters and users in its attempt to garner Microsoft Office 365 credentials.

    Phishing attacks have skyrocketed with the prevalence of remote working , and have become one of the major threats that plagues businesses these days. A recent survey found an overwhelming majority of the respondents across the
    US, UK, France, Germany, Australia and Japan falling prey to a phishing
    attack in the last year alone.

    Sharing details of the newest campaign, cybersecurity researchers at
    Microsoft said that in addition to Office 365 , the scam also phishes for Google Cloud credentials with the help of a compromised SharePoint site. Here's our choice of the best malware removal software on the market Check
    our list of the best firewall apps and services Protect your devices with these best antivirus software

    "An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters," the Microsoft Security Intelligence team revealed on Twitter . Sneakier than
    usual

    The use of SharePoint in the display name as well as in the message, is one
    of the techniques the scam relies on to appear legitimate, as per the researchers.

    The emails appear to share files that are strategically named as "Staff Reports", "Bonuses", "Pricebooks", and such to appear as legitimate business emails.

    The links however point to phishing pages that tricks users into divulging their Google and Office 365 login credentials.

    "The original sender addresses contain variations of the word "referral" and use various top-level domains, including the domain com[.]com, popularly used by phishing campaigns for spoofing and typo-squatting," share the researchers as they enumerate some of the detection evasion techniques used by this sneakier than usual campaign. These are the best endpoint protection tools around today



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-warns-office-365-users-over-this-snea ky-phishing-campaign/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)