Security News > 2021 > January > Business executives targeted with Office 365-themed phishing emails
An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn.
The compromised accounts can be used to send out even more convincing phishing emails, perpetrate BEC scams, or collect sensitive information.
The phishing emails take the form of a Microsoft Office365 password reset email and, at first glance, they seem like they've been sent by the company's IT administrators.
The researchers took advantage of poorly configured phishing sites to get their hands on the phishing kit and the sites' log files, and found that nearly half of the victims who entered their credentials were CEOs, and nearly three quarter of them are based in the US. About the phishing kit.
The researchers say that the campaign orchestrators used the same phishing kit during the various campaigns, and that the phishing kit developer compiled and included a blocklist into it.
They also discovered that most of the phishing emails were sent using a virtual private server from FireVPS, and that the phishing kit has been through four iterations, but that they all use mostly the same lure, so this means we can expect more warnings about these types of phishing emails hitting inboxes.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Mz2STJn-xDo/
Related news
- Beware of phishing emails delivering backdoored Linux VMs! (source)
- New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Phishing emails increasingly use SVG attachments to evade detection (source)