Credential phishing on the rise with Office 365 a top target
New research from Menlo Security reveals that the number of fake login pages and forms looking to steal credentials is on the increase.
The majority of attacks are serving Outlook and Office 365 logins, reflecting the widespread use of these services across corporate environments.
Services like Azure, OneDrive, Box, Firebase, and Dropbox continue to be leveraged to host phishing pages, and the popular note-taking app Evernote is now being used too. New attack tactics include the use of data URLs/encoding to mask content, dynamic content generation, leveraging of local HTML/PDF decoy files, and dynamic loading of brand logos.
Dynamically generated pages pre-enter the user's email address so all they have to do is enter their password. This method allows company logos to be added too, with generic Microsoft logos used if none are found. Attackers can thus bypass anti-phishing solutions that rely on content inspection.
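As an added illustration (not code from Menlo's research), the sketch below shows why inspecting only the raw markup misses a login form carried in a data: URL, and how decoding those URLs before inspection exposes it. The function names and the sample page are constructed for this example, and it assumes the masked content sits in a data: URL inside the delivered markup.

```python
import base64
import re
from urllib.parse import unquote

# data:[<mediatype>][;params][;base64],<data>  (RFC 2397 shape)
DATA_URL = re.compile(r"data:[\w/+.-]*(?:;[\w=-]+)*?(;base64)?,([^\"'\s<>]+)", re.I)
PASSWORD_FIELD = re.compile(r"<input[^>]+type\s*=\s*[\"']?password", re.I)

def decode_data_urls(markup):
    """Return the decoded payload of every data: URL found in markup."""
    payloads = []
    for is_b64, body in DATA_URL.findall(markup):
        body = unquote(body)
        try:
            raw = base64.b64decode(body + "=" * (-len(body) % 4)) if is_b64 else body.encode()
        except ValueError:  # malformed base64: skip rather than abort the scan
            continue
        payloads.append(raw.decode("utf-8", "replace"))
    return payloads

def inspect_page(markup, max_depth=3):
    """Flag pages whose password form only appears after decoding data: URLs."""
    result = {"password_form_raw": bool(PASSWORD_FIELD.search(markup)),
              "password_form_decoded": False, "data_urls": 0}
    layer = [markup]
    for _ in range(max_depth):  # bounded, in case payloads nest further data: URLs
        layer = [p for doc in layer for p in decode_data_urls(doc)]
        result["data_urls"] += len(layer)
        if any(PASSWORD_FIELD.search(p) for p in layer):
            result["password_form_decoded"] = True
    result["masked_login_form"] = (result["password_form_decoded"]
                                   and not result["password_form_raw"])
    return result

# Constructed sample: a form with a pre-entered address, hidden in a base64 data: URL.
SAMPLE_INNER = ('<form><input type="email" value="user@example.com">'
                '<input type="password" name="p"></form>')
SAMPLE_PAGE = ('<html><body><iframe src="data:text/html;base64,'
               + base64.b64encode(SAMPLE_INNER.encode()).decode()
               + '"></iframe></body></html>')

if __name__ == "__main__":
    print(inspect_page(SAMPLE_PAGE))
```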
The travel industry is a key target for Office 365 phishing attacks, accounting for 51 percent, followed by health and medicine at 26.8 percent and science and technology at 7.3 percent.
"Cybercriminals are trying to add complexity to carry out phishing campaigns to steal sensitive information," concludes Menlo Labs researcher, Krishnan Subramanian. "With free services like Let's Encrypt, it is becoming increasingly easier for attackers to host phishing sites behind SSL with a relatively short TTL for maximum hit rate. Increasing cybersecurity awareness through training and education initiatives is often helpful in reducing the impact of credential phishing attacks, but corporate users should be cautious when a site presents a form that asks for personal/sensitive information."
You can read more on the Menlo blog.