Microsoft has warned Office 365 customers that they’re being targeted by a widespread phishing campaign aimed at nabbing usernames and passwords. The ongoing phishing campaign is using multiple links. The danger here is that clicking on any link results in a series of redirections that lead victims to a Google reCAPTCHA page.
In turn, this directs the user to a bogus login page where Office 365 credentials are stolen.
Weighing in on the nature of the campaign and the measures that can be considered to protect people is Troy Gill, Senior Manager of Threat Intelligence at Zix | AppRiver.
Troy Gill tells Digital Journal about the form and nature of attack: “The type of phishing campaign that’s currently targeting Office 365 customers is one we refer to as Living off the Land (LoTL) phishing.”
As to what this means, Gill explains that a LoTL “occurs when cybercriminals abuse otherwise legitimate services to mask the true nature of their message. This type of activity has become quite common and often abuses many different services, not just those belonging to Google, referred to in this alert.”
There is a further undercurrent when it comes to cyberattacks, as Gill adds: “We have also seen an uptick in phishing attacks leveraging reCAPTCHA technology to further obfuscate the content on the eventual landing page, in this case Microsoft O365 credential phishing.”
With the rising spate of these forms of activity, Gill recounts: “The Zix threat research team has seen a huge uptick in this type of phishing attack over the last year. The attacks vary greatly in theme and brand being impersonated. In addition, many of these LoTL attacks are emanating from compromised accounts as well so there is yet another layer of legitimacy added to the attack.”
As for the proactive actions that users and businesses can take, Gill recommends: “To help reduce the risk of LoTL and other email threats, organizations should implement two-factor authentication, which provides an extra layer of security by making users confirm their identity.”
Furthermore, Gill advises: “Organizations should also limit authorized use of third-party services, when possible, as this will help keep the size of the attack surface criminals have to work with under control.”
There are other measures to consider too, says Gill: “Organizations should also use end-to-end email encryption for any message containing confidential or personally identifiable information and ensure their email security solution is capable of dynamically analyzing email attachments and URLs.”
Gill’s final words of wisdom are: “If there is any suspicion about a message, it never hurts to call the sender. Most will be glad of your security protocols in place to help prevent fraud.”
