Scammers Use Fake Google Recaptcha In Phishing Attacks

✨ Megiddo

Over the past three months, at least 2.5 thousand fake emails have been sent to high-ranking employees of banks and IT companies.



Cybercriminals are sending thousands of phishing emails to Microsoft Office 365 users as part of an ongoing malicious campaign to steal credentials. Attackers lend legitimacy to the campaign by using a fake Google reCAPTCHA system and landing pages, hosted on generic top-level domains, that display the victims' company logos.

According to Zscaler's ThreatLabZ security research team, over the past three months, at least 2,500 such emails have been sent to senior banking and IT personnel. The emails first redirect recipients to a fake Google reCAPTCHA page. Google reCAPTCHA is a system for protecting websites from spam and abuse, using the Turing test to distinguish between people and bots.

After passing a fake reCAPTCHA test, users are redirected to a phishing landing page where they are prompted for their Office 365 credentials.

“The attack is targeting senior business leaders, such as vice presidents and directors, who are likely to have a higher level of access to sensitive company data. The aim of the campaigns is to steal the credentials of victims and gain access to valuable assets of firms,” the experts explained.

The phishing emails are disguised as automated messages from the victims' unified communications (UC) systems and supposedly contain a voicemail attachment.

The fake Microsoft login pages also display the logos of the companies that the victims work for, such as the software developer ScienceLogic or the office rental company BizSpace.

“After entering the credentials, the phishing campaign will display a fake message that says 'Verification was successful.' Then users are shown a recording of the voicemail message, which they can play, which allows attackers to avoid suspicion,” the experts noted.

Researchers found many campaign-related phishing pages that were hosted using generic top-level domains such as .xyz, .club, and .online. These top-level domains are commonly used by cybercriminals for spam and phishing attacks.
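
For mail triage, the traits described above (a voicemail-themed lure plus a link to a .xyz, .club or .online host) can be checked together. This is an added example, not code from Zscaler or the original post; the lure wording, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

CAMPAIGN_TLDS = {"xyz", "club", "online"}  # TLDs named in the article
LURE = re.compile(r"voice\s*-?\s*mail|voice\s+message", re.I)  # assumed wording
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw):
    """Return the reasons a raw RFC 5322 message matches the campaign pattern."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    if LURE.search(msg.get("Subject", "")):
        reasons.append("voicemail lure in subject")
    for part in msg.walk():
        name = part.get_filename() or ""
        if LURE.search(name):
            reasons.append(f"voicemail-themed attachment: {name}")
        if part.get_content_maintype() != "text":
            continue  # only text/* bodies and attachments are scanned for links
        for url in URL.findall(part.get_content()):
            host = (urlsplit(url).hostname or "").rstrip(".")
            if host.rsplit(".", 1)[-1] in CAMPAIGN_TLDS:
                reasons.append(f"link to campaign TLD: {host}")
    return reasons

def matches_campaign(raw):
    """Flag only when a voicemail lure and a campaign-TLD link co-occur."""
    r = triage(raw)
    return any("voicemail" in x for x in r) and any("TLD" in x for x in r)

# Constructed sample messages; every address and domain here is made up.
SAMPLE = """\
From: "Voice Service" <noreply@sample-not-real.xyz>
Subject: New Voicemail received (00:42)
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"
Content-Disposition: attachment; filename="Voicemail_0042.htm"

<html><body><a href="https://portal.sample-not-real.xyz/verify">Play</a></body></html>
--b1--
"""
BENIGN = "From: it@corp.example\nSubject: Quarterly report\n\nSee https://intranet.corp.example/report\n"

if __name__ == "__main__":
    print(triage(SAMPLE), matches_campaign(SAMPLE), matches_campaign(BENIGN))
```

A TLD match alone is a weak signal, which is why `matches_campaign` requires the lure as well; the reasons list is meant to feed analyst review rather than automatic blocking.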