A clever phishing campaign is targeting Office 365 users

2021-08-04 12:12

Microsoft is warning about an ongoing, "Sneakier than usual" phishing campaign aimed at Office 365 users.

An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.

The phishers are using various themes as lures, and the emails are sent from email addresses from various top-level domains.

The emails are made to look like they point to a shared document stored on Microsoft SharePoint, a web-based collaborative platform that integrates with Microsoft Office, and they include Microsoft branding.

Clicking on the link will take users to an Office 365-themed phishing page.

The use of Google's and Microsoft's cloud infrastructure host phishing pages is just one of the ways phishers are trying to evade gateways and email security solutions.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/QvtcezbVtzk/

#office #office365 #phishing