Ever increasing Office365 Credential Phishing Campaigns

Atharva Chincholkar August 26, 2020 Credential Stealing

With the advent of widespread electronic communication, we came to rely on passwords to verify a person’s identity. As it turns out, passwords are not secure enough to protect most information. Two-factor authentication to the rescue! Right? Well, it’s not so easy.

As systems have become more secure, attackers have shifted their focus to capitalizing on the weakest link - humans. While 2FA has somewhat solved the problem of people using 'password' or '1234' as their passwords, it cannot fix the inherent problem with humans: we make decisions based on our knowledge, which is flawed most of the time. Attackers take advantage of this to carry out social engineering attacks such as phishing.

Risk of Phishing attacks

The Verizon Data Breach Investigations Report (VDBIR) 2019 observed that phishing was used in 32% of confirmed breaches and in 78% of cyber-espionage cases. The VDBIR also states that 29% of breaches involved the use of stolen credentials, which again is commonly accomplished through phishing attacks.

Due to the large number of successful phishing attacks, the VDBIR lists phishing as the #1 Threat Action.

Phishing attacks on Office 365

As such, there have been multiple attacks against Microsoft’s Office 365 platform, which hosts the productivity apps and documents that are very important to businesses.

This phishing campaign uses Google’s Ads services to get around secure email gateways. Here you can see how blindly trusting anyone, even Google, can backfire.

Zoom Phishing mail
(source: Abnormal Security)

Office 365 Phishing page
(source: Abnormal Security)

With the popularity of Zoom skyrocketing, attackers have jumped on the bandwagon, using it as a new attack vector to target Office 365 logins. The trick they used is to rush users by making them believe that their Zoom account might get suspended. Oh! The horror of not attending a meeting!

They have also used fake Teams alerts, relief payments, and VPN configs to try to get your Office logins. Looks like they desperately want your Office 365 credentials.

All the more reason to protect yourself against such attacks.

Effective Mitigation for Phishing: Go Passwordless

When all the training campaigns are failing and URL-checking anti-phishing measures are proving to be far more intrusive, you can effectively mitigate the risk of phishing by going passwordless.

With PureAUTH passwordless authentication, you can effectively mitigate the risk of having your password stolen through phishing and a number of other methods.

Try out PureAUTH, which offers passwordless secure access to not just Office 365 but many other services like AWS, GCP, G-Suite, Microsoft Azure and others.
