Microsoft Sway Abused in Office 365 Phishing Attack
A highly targeted phishing campaign, with a Microsoft file platform twist, has successfully siphoned the Office 365 credentials of more than 150 executives since mid-2019.
Second, the initial phishing emails are sent from legitimate but previously compromised email addresses - which cloak the fact that they're attacker-controlled.
The email read, "Please see above document from [redacted] for your review and let me know if you have any concerns." The document being referenced is a PDF file attachment, which pretends to be a notification for Office 365 file sharing.
The page tells the recipient that the sender has shared a document on behalf of the company, and again asks the target to click on a button to "Get Started." Finally, this last link redirects the victim to the actual phishing landing page, which purports to be a Microsoft Single Sign On page for Outlook, and asks the victim to input their credentials.
"When the victim submits his or her corporate Office 365 credentials as if for a normal login, the sensitive data is sent to a separate data server with an extra email address which is hidden on the page," said researchers.
News URL
https://threatpost.com/microsoft-sway-abused-office-365-phishing-attack/155366/