Microsoft's cybersecurity experts discovered an ingenious phishing technique involving fake CAPTCHA checking

Aug 31, 2021 14:43 GMT  ·  By

Microsoft has issued a warning about a large phishing campaign that abuses open redirect links in emails to steal credentials, according to The Hacker News.

An old idiom advises us to work smart, not hard, and nobody applies it better than modern hackers. Using something as common as a URL, threat actors trick numerous users into entering sensitive information that can grant access to an organization's network, or yield credit card and personal data that can be used for blackmail. Some have refined their campaigns to the point where even advanced, up-to-date anti-malware solutions fail to detect them.

The Microsoft 365 Defender Threat Intelligence Team explained in a report: "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," [...] "Doing so leads to a series of redirections — including a CAPTCHA verification page that adds a sense of legitimacy and attempts to evade some automated analysis systems — before taking the user to a fake sign-in page. This ultimately leads to credential compromise, which opens the user and their organization to other attacks."

Microsoft found more than 350 phishing domains

Microsoft detected at least 350 different phishing scams in a recent campaign, illustrating the effective use of persuasive social-engineering decoys. In most cases, the links pose as notifications from programs such as Office 365 and Zoom, both widely used in organizations. The redirect URLs are encoded in the message, while the sender addresses purport to belong to online stores, clubs or anything else with an online presence.
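Mail-filtering logic can look for exactly the pattern described here: a link whose query string carries an encoded destination on a different host than the link itself. The following is an added example, not code from Microsoft's report; the redirect parameter names and the sample message are constructed assumptions.

```python
import base64
import re
from urllib.parse import parse_qsl, unquote, urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+")  # links in a message body
# Query keys often used to carry a redirect destination (assumption, not from the report)
REDIRECT_KEYS = {"url", "redirect", "redirect_uri", "return", "returnurl",
                 "next", "dest", "target", "u", "r"}

def decode_candidate(value):
    """Recover a URL hidden in a query value: percent-encoded (possibly twice)
    or urlsafe base64. Returns the URL or None."""
    v = unquote(unquote(value))  # parse_qsl decoded once already; allow double encoding
    if v.startswith(("http://", "https://")):
        return v
    try:
        padded = v + "=" * (-len(v) % 4)
        decoded = base64.urlsafe_b64decode(padded).decode("ascii")
    except Exception:  # not base64, or not text
        return None
    return decoded if decoded.startswith(("http://", "https://")) else None

def find_redirect_links(message):
    """Return (link_host, destination_host) for each link whose redirect
    parameter sends the browser to a host other than the link's own."""
    findings = []
    for url in URL_RE.findall(message):
        parsed = urlparse(url)
        link_host = (parsed.hostname or "").lower()
        for key, value in parse_qsl(parsed.query, keep_blank_values=True):
            if key.lower() not in REDIRECT_KEYS:
                continue
            dest = decode_candidate(value)
            if dest is None:
                continue
            dest_host = (urlparse(dest).hostname or "").lower()
            if dest_host and dest_host != link_host:
                findings.append((link_host, dest_host))
    return findings

# Constructed sample message (not from the campaign). The last link hides its
# destination as urlsafe base64, since the report says redirect URLs are encoded.
SAMPLE_MESSAGE = (
    "New Zoom meeting invite. Review it here: "
    "https://trusted-service.example/redirect?url=https%3A%2F%2Fcaptcha-gate.example%2Fverify "
    "Need help? https://trusted-service.example/help?lang=en "
    "Unsubscribe: https://newsletter.example/track?u="
    + base64.urlsafe_b64encode(b"https://fake-login.example/office365").decode()
)
```

Links whose redirect parameter points back at the same host (a legitimate in-site redirect) are not reported, so the output lists only cross-host redirects worth a closer look.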

The malicious landing page uses Google's reCAPTCHA to block dynamic scanning attempts that would otherwise expose the attack. Once the CAPTCHA check is passed, victims are shown a fake login page mimicking a well-known provider, usually Microsoft Office 365, which captures their usernames and passwords.