Fake Outlook Credential Upgrade Campaign Phishes for Employee Credentials
Bad actors are using a message disguised as an official notification from the Outlook team to trick people into entering their credentials into a phishing website, leaking them in the process and exposing the company they work for.
Phishing is one of the most common methods to obtain legitimate credentials, letting attackers compromise systems with ease. Most of the time, data collected from such phishing campaigns ends up for sale on the dark web.
Since Office 365 and adjacent products are widespread in organizations and companies, bad actors try to trick people into sharing their credentials with third parties. The same credentials can be used across an organization’s entire infrastructure, not just for emails and other office work.
“The attacker impersonates an automated notification from the Outlook team on behalf of the recipient’s company,” reads the advisory from Abnormal Security. “Recipients are urged to ‘upgrade’ their Outlook services within 24 hours, or email deliveries to them will be delayed.”
If the user clicks on the link, a fake Outlook login page opens (hosted on GoDaddy). After the user enters the credentials, a popup informs the user that the upgrade will be completed in the next 48 hours. In that time, the account is exposed completely.
The one thing that distinguishes this attack is that the text of the email is somewhat ambiguous about its sender: it could come from either the Outlook team or the IT department.
It goes without saying that people should not open emails from unknown sources, but sometimes the emails might look legitimate. Users should always be wary of emails that instruct them to use their credentials. If you’re not sure if an email is legitimate, contact the IT department. A good policy is to assume that emails of this type are a phishing attempt.