Security News > 2023 > October > EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings.
In August 2023, Proofpoint warned of another EvilProxy campaign, which distributed approximately 120,000 phishing emails to hundreds of organizations, targeting their employees' Microsoft 365 accounts.
The use of reverse proxy kits for phishing is growing and combining them with open redirects increases the success of a campaign.
EvilProxy phishing campaign targets 120,000 Microsoft 365 users.
Microsoft Teams phishing attack pushes DarkGate malware.
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA. Classiscam fraud-as-a-service expands, now targets banks and 251 brands.
News URL
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- New Mamba 2FA bypass service targets Microsoft 365 accounts (source)
- ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365 (source)
- Microsoft disrupts ONNX phishing-as-a-service infrastructure (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)