Security News > 2020 > October > Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs

Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs
2020-10-01 18:27

Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry - and using visual CAPTCHAs to avoid detection and appear legitimate.

Though the use of CAPTCHAS in phishing attacks is nothing groundbreaking, this attack shows that the technique works - so much so that the attackers in this campaign used three different CAPTCHA checks on targets, before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page.

A May phishing attack pretended to deliver subpoenas but actually was stealing user's Office 365 credentials.

Researchers said, the attack shows that cybercriminals continue to switch up their tactics when it comes to phishing and email based attacks.

Just in the past week, researchers have warned of innovative phishing techniques such leveraging OAuth2 or other token-based authorization methods or phishing emails pretending to be Windows 7 upgrades.


News URL

https://threatpost.com/microsoft-office-365-captchas/159747/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399