Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
O365 Phishing Campaign Leveraged Legit Domains
A sophisticated scheme used legitimate redirection tools to convince victims to give up Office 365 credentials.
1 Min Read
A phishing campaign aimed at Office 365 users took advantage of a legitimate Adobe marketing redirect mechanism, website script injection, and legitimate domains owned by Samsung, Adobe, and Oxford University to convince victims to hand over the credentials to their Office 365 accounts.
According to researchers at Check Point, the attackers used Oxford University's email servers to launch reputable-looking phishing messages containing content about an unheard voicemail message. A click on the link sent victims to a Samsung server, where the link then redirected to the malicious lookalike site that harvested the Office 365 credentials.
Ultimately, victims landed on one of a series of compromised WordPress websites with a separate subdirectory for each victim leading to unique URLs. The campaign, which has ended, constantly evolved in the way it used the techniques to evade email and web filter security measures.
Read more here.
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event.
About the Author
You May Also Like
More Insights
Webinars
The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024
Events
