Do you use Microsoft’s widely used Office 365 software? You should be on high alert or you might be the victim of the latest phishing campaign circulating around the web.
The clever phishing campaign attempts to spoof the O365 Support Team. We are seeing users who are receiving notifications purporting to be from “Office 365 Team” notifying recipients that a "medium-severity alert has been triggered."
The phishing message goes on to explain that an “unusual volume of file deletion” has been flagged on their accounts and prompts the reader to learn more about the details of the alert. (View the full text of the email)
When recipients click on the “View alert details” link, a fake Microsoft login page appears that captures users’ login credentials. The attackers are using Azure, a popular hosting site that makes it more difficult to distinguish questionable URLs in a phishing attack.
The perpetrators of this campaign are more clever than the average. By hosting their fake login page on Azure, their site appears to be secure with an SSL certificate signed by Microsoft. This boosts the apparent legitimacy of the webpage and coaxes users to putting their guard down.
If you were to input your password on this page, your email address and password are sent to https://moxxesd.azurewebsites.net/handler.php, which is under the hackers control. This page saves your login information so that the phisher can access them later.
For Microsoft users, login screens only derive from microsoft.com, live.com, microsoftonline.com, or outlook.com. The growing sophistication of these attacks makes it even more difficult for users to differentiate a phishing attack from a real message. However, comprehensive training from providers like us can stop phishing scams in their tracks by empowering customer and employees with cybersecurity training and awareness.
Originally published on 06/12/2019