Updated October 31st, 2019 at 19:02 IST

Office 365 users beware: New phishing attack is stealing login details

In what could be alarming news for Office 365 users, hackers have launched a large-scale, coordinated phishing campaign with the help of voicemail scam pages.

Reported by: Tech Desk

If you are an Office 365 user, you had better be careful, because researchers claim to have found three different malicious phishing kits. These kits were used to harvest users' credentials. Researchers say they also found evidence of multiple high-profile companies being targeted by this kind of attack. We just saw a Kaspersky report that industrial organisations have consistently been on the radar of cyber threats and that as many as 67 per cent of industrial companies do not report cybersecurity incidents to regulators.

Methodology of this phishing attack

As researchers explain, the attack begins with an email informing victims that they have missed a phone call. The email also asks Office 365 users to sign in to their account to access their voicemail. The email contains an attachment in the form of an HTML file. In some cases, the attachment also contains an audio recording of someone talking, primarily to make you believe you are listening to the beginning of a legitimate voicemail. This is where things get tricky. When loaded, the HTML file redirects you to the phishing page, which looks similar to the official login page of Office 365. To make the page look more genuine, the email address is prepopulated, and all the victim has to do is enter the password.

By now you must have figured out that the trick here is to make victims enter their password on the phishing page. Once you enter the password, a successful-login page is displayed and you are redirected to the actual, official office.com login page. With this method, attackers harvest data such as the victim's email address, password, IP address and location.
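The traits described above (an HTML attachment that redirects on load, optional embedded audio, and a prepopulated address) can be checked for at a mail gateway. The following is an added example, not code from the researchers or this article; it assumes the prepopulated address travels in the redirect URL, and the sample attachment, hostname and address are constructed.

```python
import base64
import re
from urllib.parse import unquote

# Constructed sample attachment; the hostname and address are placeholders.
SAMPLE = '''<html><head>
<meta http-equiv="refresh" content="0; url=https://login.example.test/vm/?e=user%40corp.example">
</head><body><audio src="data:audio/wav;base64,UklGRg==" autoplay></audio></body></html>'''

# Ways an HTML file can send the browser elsewhere as soon as it is opened.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*?url\s*=\s*([^"\'>\s]+)', re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']'
    r'|location\.(?:replace|assign)\(\s*["\']([^"\']+)["\']', re.I)
AUDIO = re.compile(r'<audio\b|data:audio/', re.I)


def redirect_targets(html):
    """Return every URL the attachment would navigate to."""
    targets = [m.group(1) for m in META_REFRESH.finditer(html)]
    targets += [m.group(1) or m.group(2) for m in JS_LOCATION.finditer(html)]
    return targets


def carries_recipient(url, recipient):
    """True if the recipient address is in the URL: plain, URL-encoded or base64."""
    decoded = unquote(url)
    if recipient.lower() in decoded.lower():
        return True
    b64 = base64.b64encode(recipient.encode()).decode().rstrip("=")
    return b64 in decoded


def score_attachment(html, recipient):
    """Flag a redirecting attachment that also plays audio or names the recipient."""
    targets = redirect_targets(html)
    findings = {
        "redirects": targets,
        "audio": bool(AUDIO.search(html)),
        "recipient_in_url": any(carries_recipient(t, recipient) for t in targets),
    }
    findings["suspicious"] = bool(targets) and (
        findings["audio"] or findings["recipient_in_url"])
    return findings


if __name__ == "__main__":
    print(score_attachment(SAMPLE, "user@corp.example"))
```

A redirect on its own is not flagged; the verdict needs the redirect plus either the audio lure or the recipient's own address in the destination URL.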

"As explained in the introduction, we were surprised to observe three different phishing kits being used to generate malicious websites. All three look almost identical but we were able to differentiate them by looking at the generated HTML code and the parameters which were accepted by the PHP script," McAfee researchers Oliver Devane and Rafael Pena said in their blog post.

Findings

The service industry is hit the most (18 per cent) by this phishing campaign, followed by the financial industry (12 per cent), IT service industry (12 per cent), retail industry (10 per cent) and insurance industry (9 per cent).

What is phishing

Unlike sophisticated malware attacks, phishing is more like social engineering, where victims are presented with a fake, duplicate web page disguised as a genuine website. The page is scripted in such a way that anything entered in the login credential fields (email address, password) is sent to the attacker. Since it is not the official login page, in most cases users are redirected to the official login page after submitting their details on the phishing page.


Published October 31st, 2019 at 17:43 IST