Security News > 2020 > September > Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims' Office 365 credentials - in real time - as they enter them into the landing page.
Office 365 requires app registrations to use APIs - but registrations require only an email address, making them seamless for attackers to leverage.
In a phishing attack recently spotted by researchers, the attacker used the authentication APIs to cross check the credentials of a senior executive at a large enterprise firm with the organization's Azure Active directory.
"The limited activity at the website hosting the phishing attack and the careful timing of the email to a Friday evening also suggests this is a carefully crafted attack," researchers said.
This could be a way to hide the phishing attack as just another failed sign on attempt at the Office 365 portal, researchers said.
News URL
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Ongoing phishing attack abuses Google Calendar to bypass spam filters (source)