As per the Tuesday report by Cofense, which has studied the numbers of emails related attacks including 57 percent of attacks which were phishing emails targeting victims’ sensitive credential information such as usernames and passwords.
Additionally, 45 percent of those phishing emails were Microsoft-themed, according to the researchers: threat actors are using both methods for their targets including Microsoft-themed lures for their emails, along with, ensuing phishing landing pages that will either leverage or spoof legitimate Microsoft domains or services.
“With the number of organizations migrating to Office 365, targeting these credentials allows the threat actor to gain access to the organization as a legitimate user to go undetected,” researchers with Cofense told the press. They added that they “highly recommend organizations enable [multi-factor authentication] along with their [Office 365] migration/ implementation.”
Malicious actors email trap can vary; sometimes it could display straightforward “‘Joe wants to share a document with you’ SharePoint alert you would normally see from Microsoft,” researchers explained — or it could attach a file with documents that will include a link to a website asking users to login with Microsoft credentials.
In October, a phishing campaign was reported which appeared to be an automated message from the team of Microsoft telling users that they had a missed Teams chat but in reality, it was a trap, attacking Office 365 recipients’ login credentials.
Another attack with a different patter had occurred in December which employed embedded URLs that redirect to the fake, never-seen-before Microsoft Office 365 phishing pages. For instance, the attack displayed emails that were impersonating businesses like eFax (which allows consumers to receive faxes via email or online with help of internet service.)
“We also see [cybercriminals] giving the user options to choose from the most commonly used email platforms. The phishing emails often contain URLs hosted on legitimate domains that maintain a broad consumer base to avoid being blocked by content rules and filters.” said, researchers.
“Other popular brands we observed asking for credentials were other various cloud hosting services such as Adobe, Dropbox, Box, DocuSign or WeTransfer,” researchers told the press. “Threat actors have been able to scour the internet looking for file-sharing websites that are deemed ‘business related’ in order to make it past the secure email gateway controls, as well as the web proxy filters.”