Security News > 2020 > November > Office 365 phishing campaign detects sandboxes to evade detection
Microsoft is tracking an ongoing Office 365 phishing campaign that makes use of several methods to evade automated analysis in attacks against enterprise targets.
The phishing emails used in this campaign are also heavily obfuscated to make sure that secure email gateways will not be able to detect the malicious messages and automatically block them before they land in the targets' inboxes.
Earlier this month another Office 365 phishing campaign was detected while inverting images used as backgrounds for landing pages to avoid getting flagged as malicious by web crawling engines used to spot phishing sites.
The phishing kit designed to use that novel tactic automatically reverts the backgrounds using Cascading Style Sheets to revert to the original backgrounds of the Office 365 login pages they're trying to mimic.
Previous phishing campaigns targeting Office 365 users also used innovative tactics such as abusing Google Ads to circumvent secure email gateways, using cloud services such as Google Cloud Services, Microsoft Azure, Microsoft Dynamics, and IBM Cloud to host phishing landing pages, as well as testing the stolen login in real-time.