Security News > 2020 > October > Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs
Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry - and using visual CAPTCHAs to avoid detection and appear legitimate.
Though the use of CAPTCHAS in phishing attacks is nothing groundbreaking, this attack shows that the technique works - so much so that the attackers in this campaign used three different CAPTCHA checks on targets, before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page.
A May phishing attack pretended to deliver subpoenas but actually was stealing user's Office 365 credentials.
Researchers said, the attack shows that cybercriminals continue to switch up their tactics when it comes to phishing and email based attacks.
Just in the past week, researchers have warned of innovative phishing techniques such leveraging OAuth2 or other token-based authorization methods or phishing emails pretending to be Windows 7 upgrades.
News URL
https://threatpost.com/microsoft-office-365-captchas/159747/
Related news
- Microsoft fixes bug behind random Office 365 deactivation errors (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)