Home > Cyber News > Phishing Campaign Uses Fake Microsoft Login 404 Error Pages
CYBER NEWS

Phishing Campaign Uses Fake Microsoft Login 404 Error Pages

by   |  Last Update:  |  0 Comments  

Phishing campaigns are constantly evolving and employing rather unusual methods to tricks users. One such campaign was just unveiled by Microsoft researchers who came across phishing campaigns that utilize custom 404 error pages in an effort to make the users reveal their related credentials.




Phishing Campaign Uses Custom 404 Error Pages

So, how are these attacks put into motion? The first step requires the attackers to register a domain. Then, a custom 404 page is created instead of a more typical phishing landing page. The fake error page displays a fake login form where the potential victim is prompted to type in their Microsoft credentials. This approach enables scammers to have a large number of URLs of phishing landing pages all of which are generated with one registered domain. This is possible because:

Because the malformed 404 page is served to any non-existent URL in an attacker-controlled domain, the phishers can use random URLs for their campaigns. We also found that the attackers randomize domains, exponentially increasing the number of phishing URLs.

According to a series of Microsoft Security Intelligence tweets, “the 404 Not Found page tells you that you’ve hit a broken or dead link – except when it doesn’t“.

Related: [wplinkpreview url=”https://sensorstechforum.com/phishing-attacks-wsh-rat/”] Phishing Attacks Are Spreading WSH RAT, Houdini’s New Version

Apparently, the security team discovered the campaign while analyzing phishing emails. The custom 404 page is designed to look like the legitimate Microsoft account sign-in page, tricking users to reveal their credentials, the researchers said.

Phishing is a prevalent threat. Avanan’s 2019 Global Phish Report recently concluded that “one in every 99 emails is a phishing attack, using malicious links and attachments as the main vector.Of the phishing attacks we analyzed, 25% bypassed Office 365 security, a number that is likely to increase as hackers design new obfuscation methods that take advantage of zero- day vulnerabilities on the platform“.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. 404 Keylogger Mac Virus Removal Guide 404 Keylogger 404 Keylogger is an executable file, a keylogger...
  2. How to Remove Phishing Scams in 2021 This article has been created in order to help you...
  3. Pages Cant Open Documents Mac Error – How to Fix It What Is Pages Cant Open Documents? Pages Cant Open Documents...
  4. Error Code 102 Mac – What Is It + How to Fix It [Solved] What Is Error 102? Error 102 is a generic error...
  5. Error -2003F Mac – What Is It & How to Fix It [Free] What Is Error -2003F? Error -2003F is a runtime type...
  6. Error -2106F Mac – How to Fix It [Quick & Easy] What Is Error -2106F? Error -2106F is the name of...
  7. Error 49244 Mac – How to Fix It [Free Guide] What Is Error 49244? Many users have reported Error 49244...
  8. How to Detect and Remove Phishing (Fake) Web Pages This article aims to provide insight on phishing web pages...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree