Security News > 2020 > June > Microsoft 365 phishing campaign exploits Samsung, Adobe, and Oxford University
In a blog post published Thursday, Check Point described the method in which attackers exploited one of Oxford University's mail servers to send the initial email, abused an Adobe Campaign redirection tool, and then used a Samsung domain to take users to a Microsoft Office 365-themed phishing website.
Most of the emails observed came from multiple addresses that belonged to legitimate subdomains from different departments at the University of Oxford.
The sent email itself claims to offer missed voice mail related to the recipient's Office 365 account with references to Office 365 and Microsoft and even a phony "Message from Trusted server" notice at the top.
Offered by Adobe to email marketers, Adobe Campaign has been exploited in other phishing attempts to add legitimacy to URLs used in malicious messages.
In this instance, the link in the email directs people to an Adobe server used by Samsung during a 2018 Cyber Monday marketing campaign.
News URL
Related news
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Russian phishing campaigns exploit Signal's device-linking feature (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)