Microsoft Outlook Credentials Hijacked Via Phishing Campaign

Microsoft Outlook credentials are being actively hijacked from users who have fallen for a dangerous ongoing phishing campaign. The hackers behind it are using advanced elements such as overlay screens and policies in order to manipulate the victims into typing in their personal data.

Microsoft Outlook Users Need To Be Wary of New Dangerous Phishing Campaign

Computer security researchers note that there is an active phishing campaign targeting computer users worldwide. The hackers behind it are abusing the current COVID-19 pandemic and masking the email messages as notes from the technical support team of a company the intended victims may work for. This shows that the criminals must have done some kind of prior research in order to pick the victims and plan the contents and layout of the sent messages.

The messages pose as a failed message delivery notice: they state that the actual message has been quarantined and that the users need to manually click on a link in order to view it.

Related: Custom Windows 10 Themes Can Be Abused To Steal User Credentials (https://sensorstechforum.com/custom-windows-10-themes-abused/)

When this link is opened, the victims are redirected to a prompt that is unique to each target, built from company details the hackers have defined in advance. As a result, the phishing campaign does not show a generic prompt, but rather a personalized and very dangerous one. The prompt is an overlay image shown on top of the window, which makes it look like a safe and legitimate part of the viewed application. The target company's home page is shown in the background with the overlay above it, an advanced technique that is rarely seen in phishing campaigns.

The analysis of the captured samples shows that the controlling server uses custom addresses in order to provide the overlay for each target. If the users enter their account details in the forms, the details are automatically forwarded to the hackers, thereby granting them access to the company's intranet pages and services. At the moment there is no information about the identity of the hacker collective behind this attack; however, it is speculated that they are very experienced and will continue to develop the phishing campaign.
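A mail-gateway check for the lure described above, as an added example that is not part of the original article: it flags messages that use quarantine or failed-delivery wording and link to a host outside the organisation's own domains. The wording pattern, the function names, the trusted-domain list and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: wording typical of a "quarantined message" notice; tune per organisation.
LURE = re.compile(r"quarantin|failed (message )?delivery|undelivered", re.I)

class LinkCollector(HTMLParser):
    """Collects the href targets of <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def on_trusted_host(url, trusted):
    # Exact match or true subdomain only, so "corp.test.other.invalid" does not pass.
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in trusted)

def flag_quarantine_lure(raw, trusted_domains):
    """Return the off-domain links of a message that uses quarantine wording, else []."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    if not LURE.search(f"{msg.get('Subject', '')} {body}"):
        return []
    collector = LinkCollector()
    collector.feed(body)
    links = collector.links or re.findall(r"https?://[^\s\"'<>]+", body)
    return [u for u in links if not on_trusted_host(u, trusted_domains)]

# Constructed sample message (not a captured sample from the campaign).
SAMPLE_PHISH = """\
From: IT Support <support@example-corp.test>
To: alice@example-corp.test
Subject: Message delivery failed: 1 message quarantined
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>A message was quarantined. <a href="https://release.mail-portal.invalid/view?id=1">Review message</a></p>
"""
SAMPLE_BENIGN = SAMPLE_PHISH.replace("release.mail-portal.invalid", "quarantine.example-corp.test")

if __name__ == "__main__":
    print(flag_quarantine_lure(SAMPLE_PHISH, ["example-corp.test"]))
```

A hit is a reason to hold the message for review rather than proof of phishing, since legitimate third-party quarantine portals also sit off-domain and belong in the trusted list.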

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.