For HomeFor BusinessFor Partners
Business Insights
3 min read

New Spear-phishing Campaign Targets Office 365 Users

Silviu Stahie

December 15, 2020

New Spear-phishing Campaign Targets Office 365 Users
  • Attackers spoof the Microsoft.com domain
  • Lookalike websites used to steal credentials
  • Microsoft doesn’t implement the DMARC protocol

Attackers have deployed a vast spear-phishing campaign spoofing Microsoft.com to trick people into giving up their Office 365 credentials. The financial services, healthcare, insurance, manufacturing, utilities, and telecom industries are among those affected.

Spoofing a domain name is very useful in phishing campaigns because it gives the emails greater credibility. Checking the sender of the email is one of the first things a user has to do. When that email appears to come from a Microsoft.com domain, users are much more likely to believe what the messages says or asks.

“The fraudulent message is composed of urgent and somewhat fear-inducing language intended to convince users to click on what is a malicious link without hesitation,” say the researchers from Ironscales. “Once the link is clicked, users are asked to input their legitimate O365 login credentials on a fake login page, mistakenly believing that they are providing their private information to Microsoft online.”

As Office 365 credentials are used for numerous services, once the attackers get their hands on them, they can either use them to compromise systems and corporate networks or sell them on the dark web. In either case, the result can be devastating for any industry.

The security researchers also pointed out that Microsoft services don’t use the Domain-based Message Authentication, Reporting & Conformance (DMARC) authentication protocol, which would allow them to protect their domain specifically from this type of threat.

This particular campaign uses a spear-phishing technique, which means that attackers send emails to known targets, avoiding the scattergun approach. The goal is to affect the right people in the right place. The higher the victim’s ranking in a company’s hierarchy, the bigger the impact.

And since many Office 365 users are in companies, compromising a user's credentials can easily lead to much more serious intrusions.

tags

Author

Silviu Stahie

Silviu Stahie

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.

View all posts

Right now Top posts

Reframing the Narrative: Strategic Defense Against Human Error in Cybersecurity
Enterprise Security

Reframing the Narrative: Strategic Defense Against Human Error in Cybersecurity

April 18, 2024

Understanding XDR Solutions: A People-Focused Guide to Making the Right Choice
Enterprise Security Endpoint Detection and Response

Understanding XDR Solutions: A People-Focused Guide to Making the Right Choice

April 16, 2024

Bitdefender Threat Debrief | April 2024
Enterprise Security Bitdefender Threat Debrief

Bitdefender Threat Debrief | April 2024

April 11, 2024

What’s New in GravityZone Platform April 2024 (v 6.49)
Enterprise Security Endpoint Protection & Management

What’s New in GravityZone Platform April 2024 (v 6.49)

April 11, 2024

FOLLOW US ON SOCIAL MEDIA

SUBSCRIBE TO OUR NEWSLETTER

Don’t miss out on exclusive content and exciting announcements!

You might also like

Reframing the Narrative: Strategic Defense Against Human Error in Cybersecurity
Enterprise Security

Reframing the Narrative: Strategic Defense Against Human Error in Cybersecurity
Sumarlin

April 18, 2024

Understanding XDR Solutions: A People-Focused Guide to Making the Right Choice
Enterprise Security Endpoint Detection and Response

Understanding XDR Solutions: A People-Focused Guide to Making the Right Choice
Daniel Daraban

April 16, 2024

Bitdefender Threat Debrief | April 2024
Enterprise Security Bitdefender Threat Debrief

Bitdefender Threat Debrief | April 2024
Martin Zugec

April 11, 2024

Bookmarks

loader