Security News > 2023 > May > Greatness phishing-as-a-service threatens Microsoft 365 users
Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service tool called Greatness, created to phish Microsoft 365 users.
The Greatness PaaS. Greatness is a PaaS tool/service specifically designed to compromise Microsoft 365 credentials.
"It contains features such as having the victim's email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization's real Microsoft 365 login page," says Tiago Pereira, technical leder of security research at Cisco Talos.
Then the victim is redirected to a bogus Microsoft 365 login page, where their email address has already been entered.
"If MFA is used, the service will prompt the victim to authenticate using the MFA method requested by the real Microsoft 365 page," Pereira says.
The phishers now have everything they need to access the victims' Microsoft 365 account.
News URL
https://www.helpnetsecurity.com/2023/05/12/phishing-microsoft-365/
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- New Mamba 2FA bypass service targets Microsoft 365 accounts (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)