Security News > 2023 > May > Greatness phishing-as-a-service threatens Microsoft 365 users
Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service tool called Greatness, created to phish Microsoft 365 users.
The Greatness PaaS. Greatness is a PaaS tool/service specifically designed to compromise Microsoft 365 credentials.
"It contains features such as having the victim's email address pre-filled and displaying their appropriate company logo and background image, extracted from the target organization's real Microsoft 365 login page," says Tiago Pereira, technical leder of security research at Cisco Talos.
Then the victim is redirected to a bogus Microsoft 365 login page, where their email address has already been entered.
"If MFA is used, the service will prompt the victim to authenticate using the MFA method requested by the real Microsoft 365 page," Pereira says.
The phishers now have everything they need to access the victims' Microsoft 365 account.
News URL
https://www.helpnetsecurity.com/2023/05/12/phishing-microsoft-365/
Related news
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- Massive botnet hits Microsoft 365 accounts (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Microsoft links recent Microsoft 365 outage to buggy update (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- Microsoft 365 apps will prompt users to back up files in OneDrive (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)