Business executives targeted with Office 365-themed phishing emails

An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn.
The compromised accounts can be used to send out even more convincing phishing emails, perpetrate BEC scams, or collect sensitive information.
The phishing emails take the form of a Microsoft Office 365 password reset email and, at first glance, they seem like they've been sent by the company's IT administrators.
The researchers took advantage of poorly configured phishing sites to get their hands on the phishing kit and the sites' log files, and found that nearly half of the victims who entered their credentials were CEOs, and nearly three quarters of them are based in the US.
About the phishing kit
The researchers say that the campaign orchestrators used the same phishing kit during the various campaigns, and that the phishing kit developer compiled a blocklist and included it in the kit.
They also discovered that most of the phishing emails were sent using a virtual private server from FireVPS, and that the phishing kit has been through four iterations. All of them use mostly the same lure, so we can expect more warnings about these types of phishing emails hitting inboxes.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Mz2STJn-xDo/