According to a warning provided by the Microsoft Security Intelligence (MSI) team via Twitter, Office 365 users are now in the crosshairs of hackers in a new phishing effort. To get through email filters, malicious actors are using email addresses that appear to be real and display names that look like legitimate services.
Cybercriminals are going above and beyond to deploy detection-evasion tactics that are alarmingly plausible and authentic-looking, according to Microsoft.
The MSI team discovered a new email phishing campaign that it describes as “crafty.”
“An active phishing campaign is using a crafty combination of legitimate-looking original sender email addresses, spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters,” MSI explained on Twitter.
The emails use a SharePoint lure in the display name as well as in the message, which poses as a "file share" request for supposed "Staff Reports", "Bonuses", "Pricebooks", and other content, with a link that navigates to the phishing page. pic.twitter.com/c33awiAeH4
— Microsoft Security Intelligence (@MsftSecIntel) July 30, 2021
The phishing campaign is aimed at Office 365 users who frequently share attachments with coworkers. MSI discovered phishing emails that appeared to come from a reliable source. Many of the emails contained phony Microsoft SharePoint attachments labeled “Price Books,” “Bonuses,” and “Staff Reports,” among other things.
The phishing emails employ a technique known as “typosquatting,” which is registering intentionally misspelled domains that appear to be similar to a well-known brand at first glance. The minor error would go unnoticed by most quick readers.
If users fall for the hook and click the “Open” link, they will be directed to a website where they will be asked to enter their Microsoft or Google credentials. These sign-on pages, according to MSI, are incredibly convincing, leading visitors to assume that they are on a secure path to a real website.
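The two sender tricks described above (a display name carrying the target's own address, and a misspelled lookalike domain) can be checked from message headers. The following is an added example, not code from Microsoft or the original article; the `TRUSTED` allow-list, the function names, the two-edit threshold and the `.example` domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: domains this organization legitimately receives share mail from.
TRUSTED = {"sharepoint.example", "contoso.example"}
ADDR_IN_TEXT = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (typosquatted) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(raw_message):
    """Return findings for the From/To headers of one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    rcpt_domains = {a.rpartition("@")[2].lower()
                    for _, a in getaddresses(msg.get_all("To", []))}
    findings = []
    # 1. Display name shows an address whose domain is not the real sender's.
    for m in ADDR_IN_TEXT.finditer(display):
        shown = m.group(1).lower()
        if shown != sender_domain:
            kind = "recipient" if shown in rcpt_domains else "other"
            findings.append(f"display-name-address:{kind}-domain")
    # 2. Real sender domain is within two edits of a trusted one, but not equal.
    if sender_domain not in TRUSTED:
        findings += [f"lookalike-domain:{good}" for good in sorted(TRUSTED)
                     if edit_distance(sender_domain, good) <= 2]
    return findings

# Constructed sample headers (not taken from the campaign).
PHISH = ('From: "SharePoint alice@contoso.example" <share@sharepoimt.example>\n'
         "To: alice@contoso.example\nSubject: Staff Reports\n\nOpen\n")
BENIGN = ('From: "Bob" <bob@contoso.example>\n'
          "To: alice@contoso.example\nSubject: Lunch\n\nHi\n")

if __name__ == "__main__":
    print(check_sender(PHISH))
    print(check_sender(BENIGN))
```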