Security News > 2023 > May > Greatness phishing-as-a-service threatens Microsoft 365 users
Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service tool called Greatness, created to phish Microsoft 365 users.
The Greatness PaaS. Greatness is a PaaS tool/service specifically designed to compromise Microsoft 365 credentials.
"It contains features such as having the victim's email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization's real Microsoft 365 login page," says Tiago Pereira, technical leder of security research at Cisco Talos.
Then the victim is redirected to a bogus Microsoft 365 login page, where their email address has already been entered.
"If MFA is used, the service will prompt the victim to authenticate using the MFA method requested by the real Microsoft 365 page," Pereira says.
The phishers now have everything they need to access the victims' Microsoft 365 account.
News URL
https://www.helpnetsecurity.com/2023/05/12/phishing-microsoft-365/
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- CISA orders federal agencies to secure Microsoft 365 tenants (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- Microsoft 365 users hit by random product deactivation errors (source)
- New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA (source)
- Microsoft fixes bug behind random Office 365 deactivation errors (source)