O365 Phishing Campaign Leveraged Legit Domains

  /     /     /  
Publicated : 23/11/2024   Category : security


O365 Phishing Campaign Leveraged Legit Domains


A sophisticated scheme used legitimate redirection tools to convince victims to give up Office 365 credentials.



A phishing campaign aimed at Office 365 users took advantage of a legitimate Adobe marketing redirect mechanism, website script injection, and legitimate domains owned by Samsung, Adobe, and Oxford University to convince victims to hand over the credentials to their Office 365 accounts.
According to researchers at Check Point, the attackers used Oxford Universitys email servers to launch reputable-looking phishing messages containing content about an unheard voicemail message. A click on the link sent victims to a Samsung server, where the link then redirected to the malicious lookalike site that harvested the Office 365 credentials.
Ultimately, victims landed on one of a series of compromised WordPress websites with a separate subdirectory for each victim leading to unique URLs. The campaign, which has ended, constantly evolved in the way it used the techniques to evade email and web filter security measures.
Read more 
here
.
 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that really bad day in cybersecurity. Click for 
more information and to register
 for this On-Demand event. 

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
O365 Phishing Campaign Leveraged Legit Domains