Proofpoint Phish Harvests Microsoft O365, Google Logins

2021-11-05 15:12

Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims' Microsoft Office 365 and Google email credentials.

"The email claimed to contain a secure file sent via Proofpoint as a link," they explained in a posting on Thursday.

"Clicking the link took victims to a splash page that spoofed Proofpoint branding and contained login links for different email providers. The attack included dedicated login page spoofs for Microsoft and Google."

If users clicked on the "Secure" email link embedded in the message, they were taken to the splash page with Proofpoint branding and the login spoofs.

Because the phish replicated workflows that already exist in many users' daily lives, attackers were banking on users not questioning the emails too much, researchers noted.

Be aware of social engineering: Users should subject email to an eye test that includes inspecting the sender name, sender email address, language within the email and any logical inconsistencies within the email.

News URL

https://threatpost.com/proofpoint-phish-microsoft-o365-google-logins/176038/

#google #microsoft #o365 #phish #proofpoint

Related vendor

VENDOR	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Microsoft	676	805	4487	4173	3706	13171
Google	141	994	4851	2759	1634	10238
Proofpoint	9	0	26	13	3	42

News URL

Related news

Related vendor