Microsoft Tracks Widespread Credential Phishing Campaign

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,048
Microsoft has been tracking a widespread credential phishing campaign using open redirector links combined with social engineering lures that spoof known productivity tools to trick users. Attackers also use a CAPTCHA verification page to add a sense of legitimacy to the campaign. [...]
"The use of open redirects in email communications is common among organizations for various reasons," the Microsoft 365 Defender Threat Intelligence Team wrote in a blog post. Sales and marketing campaigns use this to bring customers to desired landing pages and track click rates and other metrics.
"However, attackers could abuse open redirects to link to a URL in a trusted domain and embed the eventual final malicious URL as a parameter," officials continue. "Such abuse may prevent users and security solutions from quickly recognizing possible malicious intent."
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top