Be aware that some email received via Outlook or Exchange can be dangerous.
Users of Microsoft email clients are the target of a new phishing campaign. The warning comes from cybersecurity researchers at ThreatLabz.
By definition, a phishing attack spreads electronically, for example by email. Once the attack is launched, the attacker pretends to be a trustworthy person or organization. The goal? To obtain the personal information of the targets, such as their login credentials or credit card number.
A well-crafted attack
Last June, ThreatLabz researchers observed an increase in the use of advanced phishing kits in a large-scale campaign, a report says. They reportedly based their research on the Zscaler cloud, which allowed them to discover several new domains “used in an active credential theft phishing campaign”.
According to them, the attack in question uses an AiTM (Adversary-in-the-Middle) model, which lets the attacker avoid detection and bypass protections. In other words, the phishing kit is based on a proxy that allows the attack to bypass multi-factor authentication. Multi-factor authentication requires users to prove their identity using at least two different verification factors before accessing an account. Thanks to this process, even if a hacker succeeds in compromising one of the two factors, the data will still be protected by another barrier. Additionally, the attack uses URL redirection methods to evade email URL scanning solutions.
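The URL redirection evasion mentioned above can be partly countered on the mail-filtering side by unwrapping links before judging them. The following is an added example, not code from the ThreatLabz report: it extracts destinations embedded in a link's query string or fragment (including nested percent-encoding) and flags links whose visible host differs from the embedded host. The function names and sample domains are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
SCHEME_RE = re.compile(r"https?://", re.I)

def embedded_targets(url, depth=3):
    """Return URLs carried inside the query string or fragment of `url`."""
    found = []
    parts = urlsplit(url)
    # parse_qsl already percent-decodes each value once
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    values.append(parts.fragment)
    for value in values:
        candidate = value
        for _ in range(depth):  # undo further layers of percent-encoding
            if SCHEME_RE.match(candidate):
                found.append(candidate)
                # follow redirector chains: a target may wrap another target
                found.extend(embedded_targets(candidate, depth))
                break
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded
    return found

def flag_redirect_links(body):
    """Return (visible_host, embedded_host) pairs where the hosts differ."""
    findings = []
    for link in URL_RE.findall(body):
        link = link.rstrip(".,)")
        outer = urlsplit(link).hostname
        for target in embedded_targets(link):
            inner = urlsplit(target).hostname
            if inner and inner != outer:
                findings.append((outer, inner))
    return findings

# Constructed sample message body (example domains only)
SAMPLE_BODY = """Your voicemail is ready:
https://ads.example.com/click?id=7&dest=https%253A%252F%252Flogin.example.net%252Fauth
Company site: https://www.example.org/about?lang=en
"""

if __name__ == "__main__":
    for outer, inner in flag_redirect_links(SAMPLE_BODY):
        print(f"link shows {outer} but carries {inner}")
```

This only catches destinations visible in the link itself; redirects performed server-side still require following the link in a sandboxed scanner, and legitimate tracking links will also match, so the output is a signal to score rather than a verdict.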
Concretely, these phishing attacks start by sending emails containing malicious links. Targets can be business (Microsoft Exchange) or individual (Microsoft Outlook) accounts. The campaign is reportedly designed specifically to reach users of the business email service. Once they compromise these accounts, hackers use them as a springboard for spreading their attack. “In some cases, executive work emails were compromised using this phishing attack and then used to send other phishing emails as part of the same campaign”, says Zscaler.
The majority of the targets are reportedly companies in the fintech, lending, finance, insurance, accounting, energy and federal credits sectors. But “this is not an exhaustive list of targeted industrial verticals”, insists the report. Geographically, the most affected areas are the United States, United Kingdom, New Zealand and Australia.