Yet another very clever phishing technique revealed
The below example is very clever as the bad guys just bought hosting space on the Azure cloud, so when you go there you see a signed certificate belonging to Microsoft and the domain ends with windows.net which looks like a legitimate Microsoft Domain (since it is one)
P.S this is another threat that we can block with an Exchange rule as part of our security offering.
Outlook and Microsoft Account Phishing Emails Utilize the Microsoft Azure Storage
Researchers have found two ongoing phishing campaigns utilizing Microsoft's Azure Blob Storage in order to steal recipient's Outlook and Microsoft account credentials.
Both of these campaigns use convincing landing pages that utilize the SSL certificates and the windows.net domain to appear legitimate.
The first phishing email campaign is asking recipients to login to their Office 365 account in order to update information.
These emails have a subject of "Action Required: [email_Address] information is outdated - Re-validate now!!".
Microsoft account phishing landing page
Related Articles
FYI: Another new clever type of Email phishing attack
FYI: This is now being sent on mass and might confuse users to enter password details Note the nice trick with the **** password hidden, which is a clever way making this look more authenticAnother day - another security vulnerability: Dell Support Assist
A Windows support tool bundled with Dell computers has a high-severity security hole that leaves millions of systems at risk of a privilege-escalation attack, Dell has announced that both the Business and Home versions of its SupportAssist tool have ...