Microsoft warns Outlook, Word and PowerPoint users as nasty new threat discovered


Microsoft is warning users of its 365 service to be on high alert after the discovery of a nasty, and highly convincing, new scam. The US technology giant says users of this subscription platform – which includes access to Word, PowerPoint and Outlook – are being targeted by a widespread credential phishing campaign that is trying to steal account details and passwords.

What makes this latest threat so serious is that the scammers are using a clever new trick that makes it very easy to be fooled. The latest attack uses an email that contains enticing links aimed at getting users to click on them.

Usually, fake links are easy to spot as simply hovering your cursor over them will reveal the web address that you’ll actually be pushed to – this is often different from what the email claims.

However, Microsoft says that hovering over these new links displays a genuine web address which makes people think it’s safe to tap on.

Once clicked, a number of redirect pages are then opened, with users sent to an official-looking reCAPTCHA verification page. Most web users will be aware of these Google security pages, which pop up to help websites check that the person at the other end of the computer is real and not a robot.


By displaying this CAPTCHA verification, users again believe that the link they have clicked on is real; Microsoft says this trick adds a sense of legitimacy to the scam.

Next, a fake 365 login page appears, with users asked to enter their details.

If the user enters their password, the page refreshes and displays an error message stating that the page timed out or the password was incorrect and that they must enter their password again. This is likely done to get the user to enter their password twice, allowing attackers to ensure they obtain the correct password.

Once the user enters their password a second time, the page directs to a legitimate website that claims an email message has been released. This adds another layer of false legitimacy to the phishing campaign.
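The chain described above (a link whose visible address is genuine, followed by several redirects before the fake login page) can be checked for automatically. The following is an added example, not code from the article or from Microsoft; it assumes the genuine address acts as a redirector carrying the next destination in a query parameter, and it uses a constructed offline redirect table with placeholder domains in place of live HTTP responses.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample: the visible host looks legitimate, but the query string
# carries a second, URL-encoded absolute URL (the first hop of the redirect chain).
# All domains are placeholders, not indicators from the article.
SAMPLE_LINK = ("https://redirector.example.com/r"
               "?dest=https%3A%2F%2Fcaptcha-step.example.net%2Fverify&id=123")

# Constructed stand-in for live HTTP 3xx responses: source URL -> Location header.
REDIRECTS = {
    "https://captcha-step.example.net/verify": "https://login-step.example.org/o365",
}

# Matches absolute (scheme://) and protocol-relative (//host) URLs.
ABSOLUTE_URL = re.compile(r"^(?:https?:)?//", re.IGNORECASE)


def host_of(url):
    return (urlsplit(url).hostname or "").lower()


def embedded_urls(link):
    """Return (param, url) pairs for query values that are themselves URLs."""
    found = []
    for name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decodes once; this catches double-encoding
        if ABSOLUTE_URL.match(value):
            found.append((name, value))
    return found


def follow_chain(start, redirects, max_hops=10):
    """Follow the redirect table from start; returns every URL visited in order."""
    chain = [start]
    while chain[-1] in redirects and len(chain) <= max_hops:
        chain.append(redirects[chain[-1]])
    return chain


def assess_link(link, redirects=REDIRECTS):
    """Flag a link whose visible host differs from the host the user finally lands on."""
    hops = embedded_urls(link)
    path = [link] + (follow_chain(hops[0][1], redirects) if hops else [])
    hosts = [host_of(u) for u in path]
    return {
        "visible_host": hosts[0],
        "final_host": hosts[-1],
        "hops": hosts,
        "suspicious": bool(hops) and hosts[-1] != hosts[0],
    }
```

A mail gateway or link-scanning rule would apply the same test to every URL in an inbound message and quarantine or rewrite those where the landing host does not match the host shown on hover.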

Speaking about the threat, Microsoft said: “Today’s email threats rely on three things to be effective: a convincing social engineering lure, a well-crafted detection evasion technique, and a durable infrastructure to carry out an attack. This phishing campaign exemplifies the perfect storm of these elements in its attempt to steal credentials and ultimately infiltrate a network.”

And in response to this new scam Javvad Malik, security awareness advocate at KnowBe4, added: “Criminals continue to evolve their techniques and tactics to ensure their phishing campaigns are more successful. Using redirects or hiding behind CAPTCHAs is a good way to bypass link verification checks or other tools.”
