Security News > 2020 > October > Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs
Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry - and using visual CAPTCHAs to avoid detection and appear legitimate.
Though the use of CAPTCHAS in phishing attacks is nothing groundbreaking, this attack shows that the technique works - so much so that the attackers in this campaign used three different CAPTCHA checks on targets, before finally bringing them to the phishing landing page, which poses as a Microsoft Office 365 log-in page.
A May phishing attack pretended to deliver subpoenas but actually was stealing user's Office 365 credentials.
Researchers said, the attack shows that cybercriminals continue to switch up their tactics when it comes to phishing and email based attacks.
Just in the past week, researchers have warned of innovative phishing techniques such leveraging OAuth2 or other token-based authorization methods or phishing emails pretending to be Windows 7 upgrades.
News URL
https://threatpost.com/microsoft-office-365-captchas/159747/
Related news
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack (source)
- Need to Know: Key Takeaways from the Latest Phishing Attacks (source)
- Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (source)
- MiTM phishing attack can let attackers unlock and steal a Tesla (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)