Security News > 2023 > October > EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings.
In August 2023, Proofpoint warned of another EvilProxy campaign, which distributed approximately 120,000 phishing emails to hundreds of organizations, targeting their employees' Microsoft 365 accounts.
The use of reverse proxy kits for phishing is growing and combining them with open redirects increases the success of a campaign.
EvilProxy phishing campaign targets 120,000 Microsoft 365 users.
Microsoft Teams phishing attack pushes DarkGate malware.
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA. Classiscam fraud-as-a-service expands, now targets banks and 251 brands.
News URL
Related news
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- New Rockstar 2FA phishing service targets Microsoft 365 accounts (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft 365 outage takes down Office web apps, admin center (source)
- CISA orders federal agencies to secure Microsoft 365 tenants (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- Microsoft 365 users hit by random product deactivation errors (source)