Security News > 2023 > October > EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings.
In August 2023, Proofpoint warned of another EvilProxy campaign, which distributed approximately 120,000 phishing emails to hundreds of organizations, targeting their employees' Microsoft 365 accounts.
The use of reverse proxy kits for phishing is growing and combining them with open redirects increases the success of a campaign.
EvilProxy phishing campaign targets 120,000 Microsoft 365 users.
Microsoft Teams phishing attack pushes DarkGate malware.
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA. Classiscam fraud-as-a-service expands, now targets banks and 251 brands.
News URL
Related news
- Tycoon2FA phishing kit targets Microsoft 365 with new tricks (source)
- Microsoft links recent Microsoft 365 outage to buggy update (source)
- New Microsoft 365 outage impacts Teams, causes call failures (source)
- Microsoft 365 apps will prompt users to back up files in OneDrive (source)
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails (source)
- Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)
- Microsoft’s new AI agents take on phishing, patching, alert fatigue (source)
- After Detecting 30B Phishing Attempts, Microsoft Adds Even More AI to Its Security Copilot (source)
- Microsoft: Licensing issue blocks Microsoft 365 Family for some users (source)