Security News > 2020 > September > Office 365 Phishing Attack Leverages Real-Time Active Directory Validation
Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims' Office 365 credentials - in real time - as they enter them into the landing page.
Office 365 requires app registrations to use APIs - but registrations require only an email address, making them seamless for attackers to leverage.
In a phishing attack recently spotted by researchers, the attacker used the authentication APIs to cross check the credentials of a senior executive at a large enterprise firm with the organization's Azure Active directory.
"The limited activity at the website hosting the phishing attack and the careful timing of the email to a Friday evening also suggests this is a carefully crafted attack," researchers said.
This could be a way to hide the phishing attack as just another failed sign on attempt at the Office 365 portal, researchers said.
News URL
Related news
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)
- Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
- YouTube warns of AI-generated video of its CEO used in phishing attacks (source)
- Ukrainian military targeted in new Signal spear-phishing attacks (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)