Attackers Impersonate Microsoft Services To Target Customers

Share post:

Attackers are actively impersonating Microsoft services to target customers with Microsoft, Office 365, Outlook, and OneDrive accounts.

The campaign was discovered by a security researcher, MalwareHunterTeam. According to the researcher, attackers could fake the custom branding and web hosting features to host static landing phishing sites.

Misused platforms include Microsoft Azure’s Static Web Apps which is used to steal Microsoft, Office 365, Outlook and OneDrive credentials.

While the fake landing pages can be used to scam Microsoft customers, they could also be used to target users of other platforms such as Rackspace, AOL, Yahoo and other email providers.

Users are often advised to check URLs when prompted to fill in their account details in a login form.

However, this advice is almost pointless in this scenario, as users are deceived by the subdomain and the valid TLS certificate.

For more information, read the original story in BleepingComputer.



Related articles

Socket develops tool to protect developers from npm vulnerabilities

Socket, a security firm, has created a new method for protecting developers from the flaws in npm, GitHub's...

Reddit relocates headquarters

Reddit's headquarters is being relocated from its current 78,000-square-foot office at 1455 Market Street at San Francisco's Mid-Market...

Meta launches Meta Verified in U.S.

Meta has launched its subscription service in the United States, allowing Facebook and Instagram users to pay for...

Google spots vulnerabilities in Exynos chips that could affect Androids

Google is urging Android phone owners, such as those who own Samsung, Pixel, or Vivo phones, to take...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways