Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
A sophisticated scheme used legitimate redirection tools to convince victims to give up Office 365 credentials.
1 Min Read
A phishing campaign aimed at Office 365 users took advantage of a legitimate Adobe marketing redirect mechanism, website script injection, and legitimate domains owned by Samsung, Adobe, and Oxford University to convince victims to hand over the credentials to their Office 365 accounts.
According to researchers at Check Point, the attackers used Oxford University's email servers to launch reputable-looking phishing messages containing content about an unheard voicemail message. A click on the link sent victims to a Samsung server, where the link then redirected to the malicious lookalike site that harvested the Office 365 credentials.
Ultimately, victims landed on one of a series of compromised WordPress websites with a separate subdirectory for each victim leading to unique URLs. The campaign, which has ended, constantly evolved in the way it used the techniques to evade email and web filter security measures.
Read more here.
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event.
About the Author(s)
You May Also Like
More Insights
Webinars
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
