September 06, 2020
A new phishing campaign aims to steal Microsoft Outlook credentials by posing as the company’s technical support
Cofense researchers have identified a new phishing campaign that aims to steal Microsoft Outlook credentials by using message quarantine emails and overlay screens. The attackers behind the campaign pose as the company’s technical support, sending quarantine message emails from ‘Support’ with the title ‘Action required: Ticket#’ to company employees.
The email appears to be sent from the company’s technical support and claims that three email messages were quarantined and blocked from entering the inbox, encouraging users to view the withheld messages.
The malicious URL is visible when hovering over the “Review Messages Now” link, but clicking the link redirects users to a phishing page that is built upon the actual company homepage, adding to its credibility. Using this overlay screen, the attackers ask the user to enter login credentials to access the company account. According to the researchers, the use of the company’s homepage “gives the employee a greater comfort level, by displaying to a familiar page. It is also possible to interact with this page by moving outside of the overlay, showing that it is the actual page they have seen and used before.”
If entered, the credentials are then sent to the attackers, granting them access to the company account.
An analysis performed by the Cofense researchers indicates that each link uses specific parameters, built from the address of the original email recipient, to determine which page to log into. This is a clear indication that attackers will use any and every means to gain access to business accounts.
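A mail-filtering check for the link pattern described above, as an added example that is not code from Cofense or from this article: it flags links in an HTML message body that point outside the organisation's own hosts and embed the recipient's address. The host allowlist, function names and sample message are assumptions; matching a base64 form of the address goes beyond what the article states and covers a common way such parameters are encoded.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

TRUSTED_HOSTS = {"example.com", "mail.example.com"}  # assumption: the organisation's own hosts

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def carries_recipient(url, recipient):
    """True if the URL embeds the recipient address: plain, percent-encoded or base64."""
    decoded, rcpt = unquote(url), recipient.lower()
    b64 = base64.b64encode(rcpt.encode()).decode().rstrip("=")
    return rcpt in decoded.lower() or b64 in decoded

def suspicious_links(html_body, recipient):
    """Return links that leave the trusted hosts and are personalised to the recipient."""
    parser = LinkCollector()
    parser.feed(html_body)
    hits = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        if host not in TRUSTED_HOSTS and carries_recipient(href, recipient):
            hits.append({"text": text, "host": host, "href": href})
    return hits

# Constructed sample message body; hosts and addresses are placeholders.
SAMPLE = """<p>3 messages were quarantined.</p>
<a href="https://quarantine.invalid/review?u=alice%40example.com">Review Messages Now</a>
<a href="https://mail.example.com/help?u=alice@example.com">Help</a>
<a href="https://news.invalid/today">Newsletter</a>"""

if __name__ == "__main__":
    print(suspicious_links(SAMPLE, "alice@example.com"))
```

A hit is a reason to hold the message for review rather than proof of phishing, since legitimate bulk mailers also personalise links.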