Security News > 2021 > February > Microsoft Lures Populate Half of Credential-Swiping Phishing Emails
According to a Tuesday report by Cofense, which analyzed millions of emails related to various attacks, 57 percent were phishing emails aiming to steal victim usernames and passwords.
The remainder of the malicious emails were used in business email compromise attacks or for malware delivery.
Of those phishing emails, 45 percent were Microsoft-themed, researchers said: cybercriminals are relying on Microsoft-themed lures for their emails and are also using phishing landing pages that either spoof or leverage legitimate Microsoft domains or services.
Malicious email lures can vary; it could be a straightforward "'Joe wants to share a document with you' SharePoint alert you would normally see from Microsoft," researchers explained, or it could be a simple attached file that includes a link to a website asking users to log in with Microsoft credentials.
"The phishing emails often contain URLs hosted on legitimate domains that maintain a broad consumer base to avoid being blocked by content rules and filters."
Many of these phishing emails may relate to invoices and transactions needed for work.
News URL
https://threatpost.com/microsoft-lures-credential-swiping-phishing-emails/164207/