Microsoft 365 users targeted by major phishing campaign

Sead Fadilpašić

August 10, 2023 at 9:33 AM·2 min read

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system

Someone is targeting high-profile individuals such as C-level executives with super-tailored phishing emails, cybersecurity researchers from Proofpoint have claimed.

The company says it has recently unovered a major campaign whose goal is to steal Microsoft 365 accounts leveraging a known phishing-as-a-service provider known as EvilProxy.

This tool costs around $400 a month and was used to send some 120,000 phishing emails to more than a hundred organizations in the past couple of months. In this particular campaign, the threat actors are stealing login credentials and multi-factor authentication (MFA) codes by redirecting the users multiple times until they land on the specially crafted, malicious landing page. That not only allows them to steal the needed information, but also to evade detection.

Turkish threat actors?

"In order to hide the user email from automatic scanning tools, the attackers employed special encoding of the user email, and used legitimate websites that have been hacked, to upload their PHP code to decode the email address of a particular user," Proofpoint said in its writeup.

"After decoding the email address, the user was forwarded to the final website – the actual phishing page, tailor-made just for that target’s organization."

The researchers also speculate that the attackers are from Turkey, because users with Turkish IP addresses are redirected to the legitimate site immediately and the entire operation gets called off.

> Some of Google's new domain names could pose a serious security risk

> These dangerous phishing attacks are more common than ever - here's what you need to know

> Here's our list of the best ID theft protection software

The researchers also determined that the entire operation was very precise. Targets that were “lower” in an organization’s hierarchy were ignored, or de-prioritized. Instead, high-position individuals, “VIP” targets, were more attractive. Almost two in five (39%) of the breached accounts were C-Suite, almost a tenth (9%) were CEOs and vice presidents, and almost a fifth (17%) were CFOs.

The rest were not executives, but still individuals with access to sensitive information, or financial assets.

The only way to defend against these attacks is to make sure the targets don’t fall for the trap and click on the link, or download the attachment, sent in these emails. FIDO-based physical keys can also help, the researchers concluded.

These are the best firewalls to keep your business safe

Via: BleepingComputer

Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
Welcome to the WNBA: Caitlin Clark's regular-season debut is anything but easy
Clark set the Indiana Fever’s franchise record for turnovers (10), shot 5-of-15 from the floor and struggled with the Connecticut Sun’s physical defense.
Yahoo Sports
2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set
With the lottery order set, here's a look at Yahoo Sports' projections for both rounds of the 2024 NBA Draft.
Yahoo Sports
What scouts think of Bronny James' NBA prospects
The biggest question looming over the NBA draft combine this week: How will Bronny James do?
Yahoo Sports
Rory McIlroy files for divorce from wife Erica after seven years of marriage
On the eve of the PGA Championship, Rory McIlroy has filed for divorce from his wife, Erica.
Yahoo Sports
Fox Sports host Doug Gottlieb hired as Green Bay's coach, will reportedly still host radio show
Gottlieb's repeatedly courted controversy in his media role and will reportedly continue to host his nationally syndicated radio show while coaching Green Bay.
Yahoo Sports
Astros pitcher Ronel Blanco ejected after foreign substance check early in win over A's
Ronel Blanco, who threw a no-hitter earlier this year, is now likely facing a 10-game suspension.
Yahoo Sports
The Spin: Making a call on 5 slumping fantasy baseball stars
All five of these hitters were drafted highly in fantasy baseball leagues. So far, they have not lived up to their ADPs — and that's an understatement. Scott Pianowski analyzes.
Yahoo Sports
Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?
In one scenario, Dallas makes Prescott the highest paid player in NFL history. In another, the Cowboys decline that commitment, at which point another team will make him the top paid player in NFL history.
Yahoo Finance
Utility stocks are on fire — here are Wall Street analysts' top picks
Utility stocks are outperforming the broader markets. Here's a look at three top picks from analysts.
Yahoo Finance
JPMorgan gives a lift to another troubled regional bank
JPMorgan Chase is once again providing a lift to another troubled regional lender a year after it helped calm a banking crisis. This time, it's NYCB.
Yahoo Sports
MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list
Here's a look at the rookies who have stood out on each team through the first quarter of the 2024 season.
Yahoo Sports
The Man City machine sputters, but sneaks past Tottenham to the cusp of a historic EPL title
Manchester City beat Tottenham 2-0, and is now one win away from a fourth consecutive English Premier League title.
Autoblog
Best used cars to buy in 2024: From trucks and SUVs to EVs
The best used cars to buy in 2024 include small and midsize cars, trucks, crossovers and SUVs, and even a couple of used electric cars.
Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Yahoo Sports
NFL schedule: Packers, Jets, Bears join 6 other teams playing regular-season games outside U.S.
If you're considering a vacation in 2024, why not travel to see an NFL game?
Yahoo Sports
Formula 1: After Lando Norris' Miami win, Max Verstappen is a smaller favorite than usual ahead of Imola
Verstappen has won four of the first six races in 2024.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Finance
Here's 1 big investing mistake you are probably still making
Maybe a 5% CD isn't the best choice for your hard-earned money.
Yahoo Finance
New inflation reading offers hope for Fed rate cuts
Inflation pressures eased in April, an encouraging sign for the Fed. But the progress was likely not enough to justify rate cuts yet.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Microsoft 365 users targeted by major phishing campaign

Turkish threat actors?

Recommended Stories

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

Welcome to the WNBA: Caitlin Clark's regular-season debut is anything but easy

2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set

What scouts think of Bronny James' NBA prospects

Rory McIlroy files for divorce from wife Erica after seven years of marriage

Fox Sports host Doug Gottlieb hired as Green Bay's coach, will reportedly still host radio show

Astros pitcher Ronel Blanco ejected after foreign substance check early in win over A's

The Spin: Making a call on 5 slumping fantasy baseball stars

Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?

Utility stocks are on fire — here are Wall Street analysts' top picks

JPMorgan gives a lift to another troubled regional bank

MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list

The Man City machine sputters, but sneaks past Tottenham to the cusp of a historic EPL title

Best used cars to buy in 2024: From trucks and SUVs to EVs

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

NFL schedule: Packers, Jets, Bears join 6 other teams playing regular-season games outside U.S.

Formula 1: After Lando Norris' Miami win, Max Verstappen is a smaller favorite than usual ahead of Imola

The best budgeting apps for 2024

Here's 1 big investing mistake you are probably still making

New inflation reading offers hope for Fed rate cuts