Security News > 2020 > September > Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims' Office 365 credentials - in real time - as they enter them into the landing page.
Office 365 requires app registrations to use APIs - but registrations require only an email address, making them seamless for attackers to leverage.
In a phishing attack recently spotted by researchers, the attacker used the authentication APIs to cross-check the credentials of a senior executive at a large enterprise firm against the organization's Azure Active Directory.
"The limited activity at the website hosting the phishing attack and the careful timing of the email to a Friday evening also suggests this is a carefully crafted attack," researchers said.
This could be a way to hide the phishing attack as just another failed sign-on attempt at the Office 365 portal, researchers said.