
Microsoft Outlook Credentials Hijacked Via Phishing Campaign


Microsoft Outlook credentials are being actively hijacked from users who have fallen for a dangerous ongoing phishing campaign. The hackers behind it are using advanced elements such as overlay screens and policies to manipulate victims into typing in their personal data.




Microsoft Outlook Users Need To Be Wary of New Dangerous Phishing Campaign

Computer security researchers note that there is an active phishing campaign targeting computer users worldwide. The hackers behind it are abusing the current COVID-19 pandemic and mask the email messages as notes from a technical support team at a company the intended victims may work for. This shows that the criminals must have done some prior research in order to pick the victims and plan the contents and layout of the sent messages.

The messages pose as failed message delivery notices: they state that the actual message has been quarantined and that the user needs to manually click on a link in order to view it.


When this link is opened, the victims are redirected to a prompt that is unique, based on company details predefined by the hackers. As a result, the phishing campaign does not present a generic prompt, but rather a personalized and very dangerous attack. The prompt is based on an overlay image shown on top of the window, making it look like a safe and legitimate part of the viewed application. The target company’s home page is shown in the background with the overlay above it, an advanced technique that is rarely seen in phishing campaigns.

The analysis of the captured samples shows that the controlling server uses custom addresses in order to provide the target overlay. If users enter their account details in the forms, the details are automatically sent to the hackers, thereby granting them access to the company’s intranet pages and services. At the moment there is no information about the identity of the hacker collective behind this attack; however, it is speculated that they are very experienced and will continue to develop the phishing campaign.


Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
