Date: 2021-09-02

Microsoft warns Office 365 users: a large-scale phishing campaign seeks to seize their credentials (passwords and usernames). To deceive Internet users, hackers slip redirect links into seemingly harmless emails. These links send victims to a fraudulent site designed to steal their credentials.

In a post published on August 26, 2021, the Microsoft 365 Defender Threat Intelligence team details how a new phishing campaign works. First, Office 365 users receive an email. In the email, the hackers pose as Microsoft and other “well-known productivity tools and services”. Microsoft cites the Sophos security solution in particular.





The fraudulent email contains a series of links. All of these links are designed to send victims to a fake website mimicking the interface of Office 365 or another service. The page asks Internet users for their username and password. The data is then collected and transmitted to a remote server.

Microsoft discovered 350 phishing sites linked to the attack

To redirect victims to the site of their choice, the hackers rely on a security flaw well known to experts: the open redirect. This weakness keeps the real destination of a URL from being properly verified. In practice, the hackers can send Office 365 users to a fraudulent page without any warning being displayed.

“Attackers could abuse open redirects to link to a malicious URL in a trusted domain. Such abuse can prevent users and security solutions from quickly recognizing malicious intent”, emphasizes the Microsoft 365 Defender Threat Intelligence team. Microsoft has identified 350 domain names dedicated to the phishing campaign.

Before clicking on a link found in an email, we generally advise you to hover over it with your mouse. In this way, you can see the URL at a glance. In this case, the hackers managed to bypass that safeguard. “Users see a legitimate domain name that is likely associated with a business they know and trust”, continues the software publisher. For its part, Google points out that the preview of a hovered link “is not a reliable safety indicator”.
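As an added example (not taken from Microsoft's post or from this article), the following Python code shows how a mail filter could flag links whose query string carries an absolute URL on a different site than the link's own domain, which is the pattern the hover preview hides. The `.example` domains, the function names and the two-label `site()` heuristic are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: deeper nested percent-encoding is not unwrapped
URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Constructed sample body; the .example domains are reserved placeholders.
SAMPLE_BODY = ("Review your document: "
               "https://portal.trusted.example/out?id=7&url=https%3A%2F%2Flogin.attacker.example%2Fo365 "
               "or visit https://portal.trusted.example/help?topic=sign-in")

def site(host):
    # Assumption: the last two DNS labels approximate the registrable domain.
    # A production filter would use the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def safe_split(url):
    try:
        return urlsplit(url)
    except ValueError:  # malformed input, e.g. a broken IPv6 literal
        return None

def embedded_host(value):
    """Host of an absolute http(s) URL carried in a parameter value, else None."""
    for _ in range(MAX_DECODE_ROUNDS):
        candidate = value.strip()
        if candidate.startswith("//"):  # scheme-relative target
            candidate = "https:" + candidate
        parts = safe_split(candidate)
        if parts and parts.scheme in ("http", "https") and parts.hostname:
            return parts.hostname
        decoded = unquote(value)  # peel one more layer of percent-encoding
        if decoded == value:
            break
        value = decoded
    return None

def find_redirect_targets(url):
    """(parameter, target host) pairs whose target is on another site than the link itself."""
    outer = safe_split(url)
    if not outer or not outer.hostname:
        return []
    pairs = ((n, embedded_host(v)) for n, v in parse_qsl(outer.query, keep_blank_values=True))
    return [(n, h) for n, h in pairs if h and site(h) != site(outer.hostname)]

def scan_message(text):
    """Links in a message body that carry an off-site redirect target."""
    found = {u: find_redirect_targets(u) for u in URL_RE.findall(text)}
    return {u: hits for u, hits in found.items() if hits}
```

A hit means the link deserves a closer look, not that it is malicious: legitimate services also pass return URLs in parameters.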

To allay victims' mistrust, the hackers also add a reCAPTCHA to their redirects. This detection system allows websites to verify that an Internet user is not a robot. These elements keep the Internet user from suspecting that the trap is closing in.