Home > Cyber News > Phishing Campaign Uses Fake Microsoft Login 404 Error Pages
CYBER NEWS

Phishing Campaign Uses Fake Microsoft Login 404 Error Pages

Phishing campaigns are constantly evolving and employing rather unusual methods to tricks users. One such campaign was just unveiled by Microsoft researchers who came across phishing campaigns that utilize custom 404 error pages in an effort to make the users reveal their related credentials.




Phishing Campaign Uses Custom 404 Error Pages

So, how are these attacks put into motion? The first step requires the attackers to register a domain. Then, a custom 404 page is created instead of a more typical phishing landing page. The fake error page displays a fake login form where the potential victim is prompted to type in their Microsoft credentials. This approach enables scammers to have a large number of URLs of phishing landing pages all of which are generated with one registered domain. This is possible because:

Because the malformed 404 page is served to any non-existent URL in an attacker-controlled domain, the phishers can use random URLs for their campaigns. We also found that the attackers randomize domains, exponentially increasing the number of phishing URLs.

According to a series of Microsoft Security Intelligence tweets, “the 404 Not Found page tells you that you’ve hit a broken or dead link – except when it doesn’t“.

Related: [wplinkpreview url=”https://sensorstechforum.com/phishing-attacks-wsh-rat/”] Phishing Attacks Are Spreading WSH RAT, Houdini’s New Version

Apparently, the security team discovered the campaign while analyzing phishing emails. The custom 404 page is designed to look like the legitimate Microsoft account sign-in page, tricking users to reveal their credentials, the researchers said.

Phishing is a prevalent threat. Avanan’s 2019 Global Phish Report recently concluded that “one in every 99 emails is a phishing attack, using malicious links and attachments as the main vector.Of the phishing attacks we analyzed, 25% bypassed Office 365 security, a number that is likely to increase as hackers design new obfuscation methods that take advantage of zero- day vulnerabilities on the platform“.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree