Behind the Breach: Cybercriminals Leverage Microsoft 365 Billing Emails for Phishing

May 6, 2025

Cybercriminals are exploiting Microsoft 365 billing emails to launch sophisticated phishing attacks, leveraging legitimate domains to manipulate users into sharing sensitive information. This new attack vector bypasses traditional security measures by operating within trusted ecosystems. Trustmi’s behavioral AI solution helps organizations detect and neutralize socially engineered fraud in real time, ensuring end-to-end protection across communication channels and payment processes.


The Gist

A new phishing campaign of malicious emails abusing Microsoft 365 has been uncovered by security researchers at Guardz. This latest attack vector leverages legitimate Microsoft domains and tenant misconfigurations to steal credentials, ultimately taking over users’ accounts.  

This attack method differs from other forms of phishing, which makes it particularly concerning. The campaign operates entirely within the Microsoft ecosystem, evading security measures and appearing legitimate to other Microsoft users. That allows cybercriminals to drop harmless-looking phishing lures that make their intended victims more likely to take the bait.

How They’re Doing It

Fraudsters were observed controlling multiple Microsoft 365 user accounts and creating administrative accounts. They then created fraudulent full-text messages while manipulating Microsoft transaction notifications and initiating a subscription purchase or trial. Finally, they sent phishing emails using Microsoft’s infrastructure to direct their targets to a call center to deal with these transactions, ultimately lifting sensitive information from their intended targets.

By tweaking names, leveraging an established communication channel, and ultimately moving the communication medium to voice, the attackers were able to completely bypass any existing security controls that were in place. The inability to block any of these communications gives cybercriminals a clear shot at their intended target, which can have disastrous consequences.  
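
A defender-side triage heuristic for the pattern described above, as an added example that is not from the original article, Guardz or Trustmi: because these messages pass sender authentication, the check looks at content instead and flags authenticated billing mail that asks the reader to phone a number. The trusted-domain list, the regular expressions and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: sender domains this sketch treats as trusted billing senders.
TRUSTED_BILLING_DOMAINS = {"microsoft.com"}
# Loose phone pattern; candidates are kept only if they hold 10 to 15 digits.
PHONE_RE = re.compile(r"(?<!\w)\+?\(?\d[\d\s().-]{8,18}\d(?!\w)")
CALLBACK_RE = re.compile(r"\b(call|dial|phone|helpline|contact (?:us|support))\b", re.I)

def phone_numbers(text):
    """Return digit strings of phone-like runs (dates and prices are too short)."""
    digits = (re.sub(r"\D", "", m.group()) for m in PHONE_RE.finditer(text))
    return [d for d in digits if 10 <= len(d) <= 15]

def assess(raw):
    """Flag authenticated billing mail whose text steers the reader to a phone call."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Only trust an Authentication-Results header stamped by your own gateway.
    auth = msg.get("Authentication-Results", "").lower()
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    reasons = []
    if domain in TRUSTED_BILLING_DOMAINS and "dmarc=pass" in auth:
        reasons.append("authenticated trusted billing sender")
        phones = phone_numbers(body)
        if phones and CALLBACK_RE.search(body):
            reasons.append("callback request with phone number: " + ", ".join(phones))
    return {"review": len(reasons) == 2, "reasons": reasons}

# Constructed samples (addresses, amounts and the 555 number are made up).
LURE = """\
From: Microsoft <billing@microsoft.com>
Subject: Your purchase confirmation
Authentication-Results: mx.example.com; dmarc=pass header.from=microsoft.com

Thank you for your subscription purchase of $689.89 on 2025-05-06.
If you did not authorize this charge, call +1 (555) 010-0199.
"""
BENIGN = LURE.replace("If you did not authorize this charge, call +1 (555) 010-0199.",
                      "View your invoice in the admin center.")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, assess(raw))
```

A hit is a reason to route the message for review, not proof of fraud, since genuine notices can also carry support numbers.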

Trustmi’s Take

As can be seen in this example, phishing attacks are becoming increasingly sophisticated, exploiting trusted apps and ecosystems like Microsoft 365 to bypass conventional security measures. To stay protected, businesses need proactive solutions that seamlessly integrate with their workflows. Trustmi’s behavioral AI provides comprehensive visibility across email systems and ERPs, identifying anomalies in real time and preventing malicious communications before they lead to fraud. With Trustmi, organizations can safeguard their finances and sensitive accounts against even the most advanced phishing threats. 

Want to learn more about how cybercriminals are using phishing techniques to target an organization’s finances? Check out this blog.

Trusted by Finance and Security Leaders

"Trustmi provided transparency into our payment process to see where cyberattacks and errors were happening and full protection without changing our workflow."

"Like many businesses today, we've experienced cyber attacks on our payment process, but we didn't realize the extent to which we were at risk until we evaluated Trustmi. Now we're confident we'll be able to avoid future attacks with their platform."

"Trustmi's platform is an important tool for our team. Their Payment Flows module increases our payment cycle security, and our team has also managed to cut down the time for preparing payments reports from half a day to half an hour."

$200 Billion Secured

Protecting businesses globally against socially engineered fraud and errors.

Zero Compromise

Stops fraud without disrupting legitimate payments.
