informa
/
Attacks/Breaches
Quick Hits

O365 Phishing Campaign Leveraged Legit Domains

A sophisticated scheme used legitimate redirection tools to convince victims to give up Office 365 credentials.

A phishing campaign aimed at Office 365 users took advantage of a legitimate Adobe marketing redirect mechanism, website script injection, and legitimate domains owned by Samsung, Adobe, and Oxford University to convince victims to hand over the credentials to their Office 365 accounts.

According to researchers at Check Point, the attackers used Oxford University's email servers to launch reputable-looking phishing messages containing content about an unheard voicemail message. A click on the link sent victims to a Samsung server, where the link then redirected to the malicious lookalike site that harvested the Office 365 credentials.

Ultimately, victims landed on one of a series of compromised WordPress websites with a separate subdirectory for each victim leading to unique URLs. The campaign, which has ended, constantly evolved in the way it used the techniques to evade email and web filter security measures.

Read more here.

VIRTUALSUMMIT_DR20_320x50.jpg
 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5