
Office 365 phishing campaign uses publicly hosted JavaScript code
2021-04-08 13:16

A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted JavaScript code.

The subject of the phishing email says "Price revision" and it contains no body, just an attachment that, at first glance, looks like an Excel document but is actually an HTML document. That document contains encoded text pointing to two URLs located at yourjavascript.com, a free service for hosting JavaScript, and a separate chunk of HTML code.

The first JavaScript file contains HTML code that opens the HTML tag and validates the email and password input of the victim; the second holds the body part of the HTML code and code that triggers a popup message box.

The code will contain the target's email address and will populate the fake sign-in box to make the phishing page seem legitimate.

The phishing page also validates email address format and password length, Trustwave SpiderLabs researcher Homer Pacag explained.
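A gateway-side triage check for the attachment pattern described above, as an added example that is not part of the original article or the researchers' own tooling. The function names, the sample filename and body, and the choice of percent- and base64-decoding are assumptions (the article only says "encoded text"); yourjavascript.com is the host named above.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlparse

# Script hosts to flag; yourjavascript.com is the one named in the article.
WATCHED_SCRIPT_HOSTS = {"yourjavascript.com"}
SPREADSHEET_HINT = re.compile(r"\.(xlsx?|xlsm|csv)\b", re.I)
SCRIPT_SRC = re.compile(r"<script[^>]+src\s*=\s*[\"']?([^\"'\s>]+)", re.I)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")

# Constructed sample, not campaign data: spreadsheet-looking name, encoded script tag.
SAMPLE_NAME = "price_list.xlsx.html"
SAMPLE_BODY = (
    "<script>document.write(unescape('%3Cscript%20src%3D%22https%3A//"
    "yourjavascript.com/PLACEHOLDER/part1.js%22%3E%3C/script%3E'));</script>"
)


def decoded_layers(text):
    """Yield the raw text plus its percent-decoded and base64-decoded views."""
    yield text
    pct = unquote(text)
    if pct != text:
        yield pct
    for run in B64_RUN.findall(text):
        try:
            yield base64.b64decode(run, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue  # not real base64, ignore


def triage_attachment(filename, content):
    """Return sorted findings for one attachment; an empty list means no hit."""
    findings = set()
    name = filename.lower()
    is_html = name.endswith((".html", ".htm")) or "<html" in content[:2048].lower()
    if is_html and SPREADSHEET_HINT.search(name):
        findings.add("html-posing-as-spreadsheet")
    for layer in decoded_layers(content):
        for src in SCRIPT_SRC.findall(layer):
            host = (urlparse(src if "//" in src else "//" + src).hostname or "").lower()
            if any(host == d or host.endswith("." + d) for d in WATCHED_SCRIPT_HOSTS):
                findings.add(f"remote-script:{host}")
    return sorted(findings)


if __name__ == "__main__":
    print(triage_attachment(SAMPLE_NAME, SAMPLE_BODY))
```

Because the script references only appear after decoding, the check inspects each decoded layer rather than the raw attachment text alone.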

Aside from remembering passwords, password managers are also good at spotting phishing pages and will refuse to seamlessly enter login credentials that are supposedly required.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/yzl9Kg8ZhT0/