Security News > 2020 > November > Office 365 phishing abuses Oracle and Amazon cloud services
A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure.
According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services and Oracle Cloud in the redirect chain.
Next, victims are redirected to a hacked website that takes them to the fake Office 365 page hosted mostly on Oracle Cloud computing service.
Mitiga says that they identified more than 40 compromised websites that were part of this Office 365 phishing campaign.
Clues found in the HTML code for the fake Office 365 pages suggest that the infrastructure is part of a phishing-as-a-service business rented to multiple clients.