Office 365 Phishing Kits Are Being Used in a New Attack Targeting Execs and Finance

06/04/2021 14:07 - By Bill
Blog courtesy of KnowBe4
Written by Stu Sjouwerman
A new highly-targeted spear-phishing campaign is seeking to compromise the online credentials of those with influence within an organisation using an Office 365-themed update attack.

The bad guys used to try to con anyone with the organisation they could and then work to swim “upstream” to compromise someone in IT, an executive, etc. These days, the bad guys are dialled into using online tools like LinkedIn to identify their targets and work by using social engineering tactics to convince their victims into giving up valuable credentials.

In a new attack spotted by security vendor Area 1 targets financial departments, C-suite executives and executive assistants within the financial services, insurance and retail industries.
Using an Office 365 service update phishing email as the initial attack vector, prospective victims are encouraged to open the attachment to read about an important update. The attachment can be a PDF, HTML or HTM file.

Source: Area 1

A JavaScript “unescape” command is used to obfuscate the HTML that loads a phishing kit-based Office 365 credential harvesting site. The phishing kit even includes a very realistic touch of popping up an updated privacy policy before allowing the user to continue.

Source: Area 1

All this works to lower the victim’s defences, establish credibility, and increase the chance of attack success.

Teaching users via Security Awareness Training to watch out for abnormal communications (such as “Microsoft” using an attachment to convey update details) can stop attacks like these in their tracks, no matter how convincing their phishing kit is.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before the bad guys do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organisation compares to others in your industry
    Go Phishing Now!

    Bill

    Tags :
    Categories :