Microsoft Tracks Widespread Credential Phishing Campaign

guest · Aug 27, 2021

Microsoft Tracks Widespread Credential Phishing Campaign
The campaign abuses open redirector links and includes a CAPTCHA verification page to add a sense of legitimacy to the attack.
August 26, 2021
https://www.darkreading.com/attacks...racks-widespread-credential-phishing-campaign

Microsoft has been tracking a widespread credential phishing campaign using open redirector links combined with social engineering lures that spoof known productivity tools to trick users. Attackers also use a CAPTCHA verification page to add a sense of legitimacy to the campaign.

In this attack, the emails' subject lines depended on the tool they impersonated; however, in general they contained the recipient's domain and a timestamp. All the emails seemed to follow a pattern that showed the email content in a box with a large button leading to credential harvesting pages if clicked.
Click to expand...

Recipients who hover their cursor over the link or button will see the full URL. But, because attackers used a legitimate service to set up open redirect links, the victims see a legitimate domain name they likely recognize.

Victims who click the redirect links are sent to a page in attacker-owned infrastructure. These pages use Google reCAPTCHA services.
It's prepopulated with the target's email address, adding further legitimacy to the attack.
Click to expand...

Once the password is entered, the page will refresh and show an error message, prompting the recipient to enter their password again – ensuring attackers receive the correct one.

"The use of open redirects in email communications is common among organizations for various reasons," the Microsoft 365 Defender Threat Intelligence Team wrote in a blog post.
Click to expand...

Microsoft: Widespread credential phishing campaign abuses open redirector links

Log in or Sign up

Microsoft Tracks Widespread Credential Phishing Campaign

guest Guest

Log in or Sign up

Microsoft Tracks Widespread Credential Phishing Campaign

guest Guest

Useful Searches