Microsoft warns Office 365 users over this sneaky phishing campaign

Scam phishes for Google Cloud and Office 365 credentials, says Microsoft

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsoft’s Security Intelligence team has shared details about an ongoingphishing email scamthat cleverly employs various detection evasion techniques to trick most automated filters and users in its attempt to garnerMicrosoft Office 365credentials.

Phishing attacks have skyrocketed with the prevalence ofremote working, and have become one of the major threats that plagues businesses these days. Arecent surveyfound an overwhelming majority of the respondents across the US, UK, France, Germany, Australia and Japan falling prey to a phishing attack in the last year alone.

Sharing details of the newest campaign,cybersecurityresearchers at Microsoft said that in addition toOffice 365, the scam also phishes forGoogle Cloudcredentials with the help of a compromisedSharePointsite.

“An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters,” the Microsoft Security Intelligence teamrevealed on Twitter.

Sneakier than usual

The use of SharePoint in the display name as well as in the message, is one of the techniques the scam relies on to appear legitimate, as per the researchers.

The emails appear to share files that are strategically named as “Staff Reports”, “Bonuses”, “Pricebooks”, and such to appear as legitimate business emails.

The links however point to phishing pages that tricks users into divulging theirGoogleand Office 365 login credentials.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The original sender addresses contain variations of the word “referral” and use various top-level domains, including the domain com[.]com, popularly used by phishing campaigns for spoofing and typo-squatting,” share the researchers as they enumerate some of the detection evasion techniques used by this “sneakier than usual” campaign.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)