Security News > 2023 > May > Phishers use encrypted file attachments to steal Microsoft 365 account credentials

Phishers are using encrypted restricted-permission messages attached to phishing emails to steal Microsoft 365 account credentials.
"The initial emails are sent from compromised Microsoft 365 accounts and appear to be targeted towards recipient addresses where the sender might be familiar."
The phishing emails are sent from a compromised Microsoft 365 account to individuals working in the billing department of the recipient company.
Phishing email with an encrypted restricted-permission message.
"The use of encrypted.rpmsg messages means that the phishing content of the message, including the URL links, are hidden from email scanning gateways. The only URL link in the body of the message points to a Microsoft Encryption service," Hay and Mendez noted.
"The only clue that something might be amiss is the URL has a specified sender address unrelated to the From: address of the email. The link was likely generated from yet another compromised Microsoft account."
News URL
https://www.helpnetsecurity.com/2023/05/26/phishing-encrypted-emails/