Microsoft Warns of Widespread Phishing Attacks

By Maria Sadek | Sep 9, 2021 11:00:00 AM

Microsoft is warning of a widespread credential phishing campaign that uses open redirector links in email as a vector to trick users into visiting malicious websites while effectively bypassing security software. An open redirect occurs when a web application or server takes a user-submitted link and redirects the user to that website or page; such links are often a vital tool for taking recipients to third-party websites and measuring the success of sales and marketing campaigns. By changing the URL value to point to a malicious site, hackers are using these links to launch a phishing scam that steals user credentials.

Microsoft said it observed at least 350 unique phishing domains as part of the campaign. To avoid being detected, the hackers rely on well-crafted evasion techniques and a durable infrastructure to carry out the attacks. To give the attack a veneer of authenticity, messages are disguised as coming from apps like Office 365 and Zoom. Clicking the specially crafted links redirects users to a malicious landing page that employs Google reCAPTCHA to block any dynamic scanning attempts. After completing the CAPTCHA verification, victims are shown a fraudulent login page mimicking a known service like Microsoft Office 365, which captures their passwords when they submit the information.


According to Microsoft, the messages in this particular campaign tend to follow a common pattern. They use a few generic subject lines of the following form:

  • [Recipient username] 1 New Notification
  • Report Status for [Recipient Domain Name] at [Date and Time]
  • Zoom Meeting for [Recipient Domain Name] at [Date and Time]
  • Status for [Recipient Domain Name] at [Date and Time]
  • Password Notification for [Recipient Domain Name] at [Date and Time]
  • [Recipient username] eNotification.
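
The following Python is an added example, not code from Microsoft or from this post. It flags a message when its subject matches one of the shapes listed above and one of its links carries, in a query parameter, a URL on a different host than the link itself. The regexes, function names and sample message are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: how the bracketed fields in the listed subject lines expand.
_AT = r"for \S+ at .+"
SUBJECT_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"^\S+ 1 New Notification$",
    rf"^Report Status {_AT}$",
    rf"^Zoom Meeting {_AT}$",
    rf"^Status {_AT}$",
    rf"^Password Notification {_AT}$",
    r"^\S+ eNotification\.?$",
)]

# Constructed sample message (not taken from the campaign).
SAMPLE_SUBJECT = "Zoom Meeting for contoso.example at 9/8/2021 10:15 AM"
SAMPLE_URLS = [
    "https://marketing.example/track?id=42&url=https%3A%2F%2Flogin.phish.example%2Fo365",
    "https://marketing.example/news?page=2",
]

def subject_matches(subject):
    """True if the subject has one of the generic shapes listed above."""
    s = subject.strip()
    return any(p.match(s) for p in SUBJECT_PATTERNS)

def redirect_targets(url):
    """Hosts named by URL-valued query parameters that differ from the link's host."""
    parts = urlsplit(url)
    outer = (parts.hostname or "").lower()
    found = []
    for _name, value in parse_qsl(parts.query):
        # parse_qsl percent-decodes once; only absolute or //host values count.
        if not re.match(r"^(https?:)?//", value, re.IGNORECASE):
            continue
        inner = (urlsplit(value).hostname or "").lower()
        if inner and inner != outer:
            found.append(inner)
    return found

def triage(subject, urls):
    """Combine both signals; either one alone is common in legitimate mail."""
    redirects = {u: t for u in urls if (t := redirect_targets(u))}
    matched = subject_matches(subject)
    return {"subject_match": matched, "redirects": redirects,
            "suspicious": matched and bool(redirects)}

if __name__ == "__main__":
    print(triage(SAMPLE_SUBJECT, SAMPLE_URLS))
```

Because marketing mail legitimately uses redirect links, the result is a triage signal to combine with sender and destination reputation rather than a verdict on its own.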

Lloyd’s clients have an established set of security solutions that will provide them with a multi-layered defense against these types of attacks. The first line of defense is doing everything we can to block malicious emails from reaching you in the first place. A multi-layered defense system is key in our ability to quickly find and shut down email attacks.

 
