Attacker uses an Office 365 site to steal user credentials
Updated on October 4, 2023
Key notes
Email phishing may be one of the oldest tricks up the sleeves of any hacker, but it hasn’t run out of fashion yet. For example, a malicious player recently set up an Office 365 phishing base to fraudulently obtain user credentials.
Pretty much any platform that requires user authentication to allow access can be a target for phishing.
Also, anyone can be a victim, from SaaS customers to OneDrive users.
Malicious actors created an Office 365 email phishing site
Hackers sent remote workers malicious email links to fraudulently capture their user credentials, according to an Abnormal Security report.
For starters, they took advantage of the fact that many organizations are currently setting up VPNs to secure internet connections for their work-at-home employees.
The target receives an email disguised as official communication from their employer’s IT department in this phishing attempt.
Next, the target clicks the link in the email, which leads to a VPN configuration that the attacker set up. In the end, the employee lands on a login page hosted on the Office 365 platform.
Since the site looks almost 100% the same as the genuine one, the remote worker, sadly, falls for it.
Therefore, the victim supplies their login details oblivious of the fact that they’re not signing into their employer’s official portal. So, just like that, the bad actor makes away with the target’s Microsoft credentials.
The attack impersonates a notification email from the IT support at the recipients’ company. The sender email address is spoofed to impersonate the domain of the targets’ respective organizations. The link provided in the email allegedly directs to a new VPN configuration for home access. Though the link appears to be related to the target’s company, the hyperlink actually directs to an Office 365 credential phishing website.
Here are tips for optimizing your email security:
Have you ever been a victim of email phishing? Feel free to share your experience in the comments section below.
Don Sharpe
Tech Journalist
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com, Forexminute.com, The Writers Network and a host of other companies.