Phishing Attack Targets Microsoft 365 Users With Netflix & Amazon Lures

Published: 23/11/2024   Category: security




Cyberattacker TA2552 primarily targets Spanish speakers with messages that leverage a narrow range of themes and popular brands.



Security researchers have been tracking a phishing campaign that abuses Microsoft Office 365 third-party application access to obtain specific resources from victims' accounts. The attacker, dubbed TA2552, mostly uses Spanish-language lures and a narrow range of themes and brands.
These attacks have targeted organizations with a global presence but seem to choose victims who likely speak Spanish, report Proofpoint researchers who have been watching the threat. This activity appeared on the team's radar in January 2020 but could date back to August 2019.
The campaigns follow a similar flow: When a recipient clicks the link, they're redirected to the authentic Microsoft third-party application consent page at login[.]Microsoft[.]com and asked to grant or deny the requested permissions. If the browser isn't authenticated to Microsoft 365, the user is prompted to do so. When they grant consent, the third-party application will be able to access the currently authenticated Microsoft 365 account, researchers explain in a blog post.
With respect to these campaigns, the list of permissions allowed read-only access to data such as the user's contacts, profile, and mail, they say. If the user denies consent, the browser will redirect to an attacker-controlled page, giving the attacker a chance to try and trick them again.
"All permissions we've observed requested thus far have been read-only," the researchers explain. "While that might seem relatively benign, even allowing an actor read access to a user's inbox and contacts can have significant regulatory and privacy consequences." They stress the importance of understanding the risk of permissions requested by third-party apps.
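A defender-side review of the consent grants described above, as an added example that is not from Proofpoint or the original article: it flags user-consented grants that give an unapproved app read access to mail or contacts. The records are constructed in the shape of Microsoft Graph oauth2PermissionGrant objects; the scope names (Mail.Read, Contacts.Read, User.Read), the client ids and the `approved_clients` parameter are assumptions.

```python
import json

# Delegated Graph scopes assumed to correspond to the read-only data the
# article names (mail, contacts, profile).
SENSITIVE_READ_SCOPES = {"mail.read", "contacts.read", "user.read"}
# User.Read alone is requested by most apps; mail or contacts read is the signal.
HIGH_VALUE = {"mail.read", "contacts.read"}

# Constructed sample records (not real tenant data).
SAMPLE_GRANTS = json.loads("""
[
 {"clientId": "app-0001", "consentType": "Principal", "principalId": "user-a",
  "scope": "User.Read Mail.Read Contacts.Read offline_access"},
 {"clientId": "app-0001", "consentType": "Principal", "principalId": "user-b",
  "scope": "User.Read Mail.Read"},
 {"clientId": "app-0002", "consentType": "AllPrincipals", "principalId": null,
  "scope": "User.Read"},
 {"clientId": "app-0003", "consentType": "Principal", "principalId": "user-c",
  "scope": " openid profile "}
]
""")

def review_grants(grants, approved_clients=frozenset()):
    """Return {clientId: {"scopes": set, "users": set}} for grants that an
    individual user consented to, for an unapproved app, and that include
    read access to mail or contacts."""
    findings = {}
    for g in grants:
        if g.get("consentType") != "Principal":
            continue  # tenant-wide admin consent is reviewed separately
        if g.get("clientId") in approved_clients:
            continue
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        if not scopes & HIGH_VALUE:
            continue
        entry = findings.setdefault(g["clientId"], {"scopes": set(), "users": set()})
        entry["scopes"] |= scopes & SENSITIVE_READ_SCOPES
        entry["users"].add(g.get("principalId"))
    return findings

if __name__ == "__main__":
    for client, f in sorted(review_grants(SAMPLE_GRANTS).items()):
        print(client, sorted(f["scopes"]), "users:", sorted(f["users"]))
```

Grouping by client id shows how many users consented to the same app, which is the number to look at when one lure has reached several mailboxes.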
The attack campaign regularly uses messages with Mexican tax and government themes; however, it has branched out to impersonate popular consumer brands. In July, it launched campaigns impersonating Netflix Mexico and Amazon Prime Mexico, researchers report. 
Read the full writeup for more information.
