Security News > 2020 > October > Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs
Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry - and using visual CAPTCHAs to avoid detection and appear legitimate.
Though the use of CAPTCHAS in phishing attacks is nothing groundbreaking, this attack shows that the technique works - so much so that the attackers in this campaign used three different CAPTCHA checks on targets, before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page.
A May phishing attack pretended to deliver subpoenas but actually was stealing user's Office 365 credentials.
Researchers said, the attack shows that cybercriminals continue to switch up their tactics when it comes to phishing and email based attacks.
Just in the past week, researchers have warned of innovative phishing techniques such leveraging OAuth2 or other token-based authorization methods or phishing emails pretending to be Windows 7 upgrades.
News URL
https://threatpost.com/microsoft-office-365-captchas/159747/
Related news
- Fake Microsoft Office add-in tools push malware via SourceForge (source)
- Microsoft releases emergency update to fix Office 2016 crashes (source)
- iOS devices face twice the phishing attacks of Android (source)
- Microsoft Defender will isolate undiscovered endpoints to block attacks (source)
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- Microsoft blocks ActiveX by default in Microsoft 365, Office 2024 (source)
- Gamma AI Platform Abused in Phishing Chain to Spoof Microsoft SharePoint Logins (source)
- Microsoft: Office 2016 and Office 2019 reach end of support in October (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)