Security News > 2023 > May > Greatness phishing-as-a-service threatens Microsoft 365 users
Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service tool called Greatness, created to phish Microsoft 365 users.
The Greatness PaaS. Greatness is a PaaS tool/service specifically designed to compromise Microsoft 365 credentials.
"It contains features such as having the victim's email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization's real Microsoft 365 login page," says Tiago Pereira, technical leder of security research at Cisco Talos.
Then the victim is redirected to a bogus Microsoft 365 login page, where their email address has already been entered.
"If MFA is used, the service will prompt the victim to authenticate using the MFA method requested by the real Microsoft 365 page," Pereira says.
The phishers now have everything they need to access the victims' Microsoft 365 account.
News URL
https://www.helpnetsecurity.com/2023/05/12/phishing-microsoft-365/
Related news
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft MFA outage blocking access to Microsoft 365 apps (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- Microsoft investigates Microsoft 365 outage affecting users, admins (source)