Security News > 2023 > October > EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings.
In August 2023, Proofpoint warned of another EvilProxy campaign, which distributed approximately 120,000 phishing emails to hundreds of organizations, targeting their employees' Microsoft 365 accounts.
The use of reverse proxy kits for phishing is growing and combining them with open redirects increases the success of a campaign.
EvilProxy phishing campaign targets 120,000 Microsoft 365 users.
Microsoft Teams phishing attack pushes DarkGate malware.
W3LL phishing kit hijacks thousands of Microsoft 365 accounts, bypasses MFA. Classiscam fraud-as-a-service expands, now targets banks and 251 brands.
News URL
Related news
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)
- Severe Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API (source)
- Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook (source)
- Microsoft MFA outage blocking access to Microsoft 365 apps (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)