advice to business leaders, beware of phishing!

Proofpoint’s computer security researchers have just discovered the existence of a vast phishing campaign organized on Microsoft 365. Hackers primarily target executives, business leaders or employees in charge of sensitive information or Financial assets.

microsoft 365 phishing
Credit: 123RF

While Microsoft Teams is regularly hijacked by Russian hackers to infiltrate governments and government agencies, Microsoft 365 is also often targeted by hackers.

Indeed, the subscription that provides access to all of Microsoft’s office software is a marvel for hackers, who use it to launch large-scale phishing operations. In 2021, we alerted our readers to this phishing attack against Microsoft 365 users.

However, computer security researchers from Proofpoint have just discovered the existence of a new phishing campaign. The hackers’ main objective: to steal Microsoft 365 accounts. To do this, they rely on a phishing software provider called EvilProxy.

Beware of this new phishing campaign on Microsoft 365

This tool, billed at $400 a month, has been used by perpetrators of mischief to send no less than 12,000 malicious emails to more than a hundred organizations over the past two months. Through this phishing campaign, hackers attempted to steal login credentials as well as two-factor authentication codes. The method used is very simple: hackers pretend to be Microsoft services and include spoofed links in these malicious emails.

By clicking on it, victims are redirected to a fake form, specially designed to collect their login information. “In order to hide the user’s email address from automatic analysis tools, the attackers used a special encoding of the user’s email address and used legitimate websites to upload their PHP code to decode the email address of a particular user”, explains Proofpoint in its report.

According to Proofpoint experts, the attackers are believed to be from Turkey, as users with IP addresses located in the country are immediately redirected to the legitimate site, not the malicious copy crafted by the hackers. Furthermore, and as mentioned above, hackers mainly target people in high positions in their respective companies. Nearly 40% of victims were executives, 9% CEOs and deputy directors, and 17% CFOs.

Source : TechRadar

Related Articles