Microsoft Outlook credentials are being actively hijacked from users who have fallen for a dangerous ongoing phishing campaign. The hackers behind it are using advanced elements such as overlay screens and policies to manipulate the victims into typing in their personal data.
Microsoft Outlook Users Need To Be Wary of New Dangerous Phishing Campaign
Computer security researchers note that there is an active phishing campaign targeting computer users worldwide. The hackers behind it are abusing the current COVID-19 pandemic and disguising the email messages as notes from the technical support team of a company the intended victims may work for. This shows that the criminals must have done some prior research in order to pick the victims and plan the contents and layout of the messages they send.
The messages pose as a failed message delivery notice: they state that the actual message has been quarantined and that the users need to manually click on a link in order to view it.
When this link is opened, the victims are redirected to a prompt that is customized using company details the hackers have predefined. As a result, the phishing campaign does not present a generic prompt, but rather a personalized and very dangerous attack. The prompt is based on an overlay image shown on top of the window, which makes it look like a safe and legitimate part of the viewed application. The target company's home page is shown in the background with the overlay displayed above it, an advanced technique that is rarely seen in phishing campaigns.
The analysis of the captured samples shows that the controlling server uses custom addresses in order to provide the target overlay. If users enter their account details in the forms, those details are automatically forwarded to the hackers, thereby granting them access to the company's intranet pages and services. At the moment there is no information about the identity of the hacker collective behind this attack; however, it is speculated that they are very experienced and will continue to develop the phishing campaign.