Supreme Court Phish Targets Office 365 Credentials

2020-05-21 13:00

The phishing emails spoof the U.S. Supreme Court, aiming to capitalize on scare tactics to convince targets to click on an embedded link.

"The sender name impersonated the Supreme Court, making the email likely to get past eye tests when people glanced through it amidst hundreds of other emails in their overflowing mailboxes. The email language was terse and authoritative, including a CTA in the email - View Subpoena - clearly describing the purpose of the email."

"The email keeps things short so that targets click the link without reading too much. busy employees often don't have the time or luxury to think about every email in their inbox, and end up following through on the email's action."

The final credential landing page was painstakingly made to resemble an Office 365 login page, designed to collect targets' Office 365 credentials.

"The credentials could also be used to exfiltrate sensitive or confidential data from the targets' Office 365 accounts. Attackers are also sure to try the same login credentials to break into other business-critical applications."

News URL

https://threatpost.com/supreme-court-phish-targets-office-365-credentials/155955/

#credential #office #office365 #phish #supremecourt