Security News > 2020 > June > Phishing Campaign Targeting Office 365, Exploits Brand Names
Researchers have discovered a sophisticated new phishing campaign that uses recognized brand names to bypass security filters as well as to trick victims into giving up Microsoft Office 365 credentials to gain access to corporate networks.
A new report from Check Point Software first observed the attacks-the majority of which targeted European companies, with others seen in Asia and the Middle East-in April, when they discovered emails sent to victims titled "Office 365 Voice Mail.".
The emails tried to lure victims into clicking on a button that would take them to their Office 365 account to retrieve a voice message that was waiting in their voice portal, they said.
If victims took the bait, they were redirected to what appeared to be the Office 365 login page but what was actually a phishing page, researchers said.
At first the attacks seemed to be "Classic Office 365 phishing campaign," Check Point manager of threat intelligence Lotem Finkelsteen said in the report.
News URL
https://threatpost.com/phishing-campaign-targeting-office-365-exploits-brand-names/156698/
Related news
- Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks (source)
- Cybercriminals exploit file sharing services to advance phishing attacks (source)
- Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (source)
- New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials (source)
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor (source)
- Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
- Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks (source)