Clever Microsoft Phishing Scam Creates a Local Login Form

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
A clever phishing campaign has been spotted that bundles the scam's landing page in the HTML attachment rather than redirecting users to another site that asks them to log in.

A typical credential-stealing phishing scam consists of an email where the attacker tries to convince the user to click a link in order to retrieve a document or prevent something from happening. These links will then bring the user to a web site, or landing page, that includes a login form where the user must enter their login credentials to proceed.

With this type of attack, users can either detect the scam by the contents of the email, by a suspicious remote site and landing page, or by alerts from security solutions.

Let's show login form locally instead

To prevent users from becoming suspicious when they are redirected to a site with a strange domain or URL, a clever scammer decided to generate the phishing scam directly in the user's browser without going to a remote site.
... ...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top