Office 365 users are in cybercriminals’ crosshairs in a new phishing campaign, according to a warning the Microsoft Security Intelligence (MSI) team issued on Twitter. The attackers combine legitimate-looking sender addresses, spoofed display addresses that embed the target's own username and domain, and display names that mimic bona fide services in order to slip past email filters.
Microsoft cautioned that the attackers are going to unusual lengths with detection-evasion techniques, producing messages that are worryingly convincing and authentic-looking.
Microsoft warns Office 365 users of “crafty” new phishing campaign
The MSI team discovered a new email phishing campaign that it describes as “crafty.”
“An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters,” MSI explained on Twitter.
The campaign targets Office 365 organizations whose employees routinely share files with co-workers. MSI found phishing emails that appeared to come from a trusted source and posed as Microsoft SharePoint file-share notifications for documents with labels such as “Price Books,” “Bonuses” and “Staff Reports.”
“The emails use a SharePoint lure in the display name as well as in the message, which poses as a “file share” request for supposed “Staff Reports”, “Bonuses”, “Pricebooks”, and other content, with a link that navigates to the phishing page.” (MSI on Twitter, July 30, 2021)
The phishing emails also rely on “typosquatting”: registering deliberately misspelled domains that, at a glance, resemble a well-known brand. Because the attacker owns the lookalike domain, mail sent from it can carry valid sender-authentication records of its own, so it does not trip the checks that would catch an outright forgery of the real brand's domain, and most quick readers overlook the subtle typo.
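The three tricks described above (a display name that mimics a service, a display name that embeds the recipient's own username or domain, and a sender domain that is a near-miss of a real brand) are all visible in the From header. The triage routine below is an added example written for this page, not Microsoft's or Defender's detection logic: the watched-service list, the edit-distance threshold of 2, the Reply-To check and both sample messages are assumptions and constructed data, not real campaign samples.

```python
"""Heuristic From-header triage for display-name and lookalike-domain lures.

Added example for this page; not Microsoft's detection logic. The watch list,
thresholds and sample messages below are assumptions / constructed data.
"""
import email
from email.utils import parseaddr

# Assumed watch list: keyword a mimicking display name would contain,
# mapped to the registrable domain that service really sends from.
WATCHED_SERVICES = {
    "sharepoint": "sharepoint.com",
    "microsoft": "microsoft.com",
    "office": "office.com",
    "google": "google.com",
}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (catches one- or two-character typosquats)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Crude eTLD+1: the last two labels. Fine for .com; a public-suffix list is better."""
    return ".".join(domain.lower().split(".")[-2:])


def lookalike(domain: str, max_dist: int = 2):
    """Return the watched domain this one imitates, or None. Exact matches are not lookalikes."""
    reg = registrable(domain)
    for brand in WATCHED_SERVICES.values():
        if reg != brand and levenshtein(reg, brand) <= max_dist:
            return brand
    return None


def triage(raw_message: str, recipient: str) -> list:
    """Return the indicators found in the message's From/Reply-To headers (empty = clean)."""
    msg = email.message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    display_l = display.lower()
    sender_domain = addr.rpartition("@")[2].lower()
    user, _, rcpt_domain = recipient.lower().partition("@")
    findings = []

    # 1. Display name names a service, but the address is not from that service's domain.
    for keyword, brand in WATCHED_SERVICES.items():
        if keyword in display_l and registrable(sender_domain) != brand:
            findings.append(f"display name mimics {brand} but sender domain is {sender_domain}")
            break

    # 2. Display name carries the recipient's own username or domain
    #    (the "spoofed display sender address" trick in the MSI tweet).
    if (user and user in display_l) or (rcpt_domain and rcpt_domain in display_l):
        findings.append("display name embeds the recipient's username or domain")

    # 3. Sender domain is a typosquat of a watched service.
    brand = lookalike(sender_domain)
    if brand:
        findings.append(f"sender domain {sender_domain} looks like {brand}")

    # 4. Reply-To points somewhere other than the claimed sender.
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != addr.lower():
        findings.append(f"Reply-To {reply_to} differs from From {addr}")
    return findings


# Constructed sample messages (not real campaign samples).
LEGIT = (
    "From: Bob Lee <bob.lee@example.com>\n"
    "To: alice@example.com\n"
    "Subject: Q3 staff reports\n"
    "\n"
    "Attached.\n"
)
PHISH = (
    'From: "SharePoint Online alice@example.com" <noreply@micros0ft.com>\n'
    "Reply-To: docs@file-share-portal.test\n"
    "To: alice@example.com\n"
    "Subject: Bonuses - file shared with you\n"
    "\n"
    "Open\n"
)

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("phish", PHISH)):
        print(label, triage(raw, "alice@example.com"))
```

On the constructed samples the co-worker message yields no findings and the lure trips all four checks. In production the watch list must also contain every domain a watched service genuinely sends from (SharePoint notifications do not all come from sharepoint.com), otherwise check 1 alone will flood the queue with true notifications; the value of the heuristic is in the combination of indicators, not any single one.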
If users take the bait and click the “Open” link, they land on a page that prompts them for their Microsoft or Google credentials. According to MSI, these sign-in pages look convincing enough that victims believe they are on a legitimate site.
MSI repeatedly stressed how authentic these phishing emails look, which means employers cannot rely solely on their employees’ judgment to spot them. Unsurprisingly, MSI also plugged its own Microsoft Defender for Office 365 as a solution, adding that the product “detects and blocks” these emails.
Phishing attacks are a huge thorn in the side of many popular companies such as Netflix and PayPal, but the Redmond-based tech giant has particular reason for concern: according to a Check Point Research study, Microsoft tops the list of the most-imitated brands in phishing attacks.