Security News > 2021 > March > Microsoft Office 365 still the top target among phishing attacks
Most of the recent credential phishing attacks seen by Menlo Security served phony Outlook and Office 365 login pages.
In its report, the Menlo Tabs team said it discovered a rise in credential phishing attacks over the past month.
The firm said it also found credential phishing attacks spoofing cryptocurrency wallets and popular software services from countries like South Korea.
The bulk of credential phishing attacks observed by Menlo Labs were trying to hoodwink users with phony login pages for Outlook and Office 365 login pages.
Another tactic seen in Office 365-related phishing campaigns appended the recipient's email address to the URL. In this instance, the path for the phishing page gets generated dynamically, while the user's email address is automatically filled in.
"With free services like Let's Encrypt, it is becoming increasingly easier for attackers to host phishing sites behind SSL with a relatively short TTL for maximum hit rate. Increasing cybersecurity awareness through training and education initiatives is often helpful in reducing the impact of credential phishing attacks, but corporate users should be cautious when a site presents a form that asks for personal/sensitive information."
News URL
Related news
- Microsoft Office 2024 now available for Windows and macOS users (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)