Phishing Email Uses Google Ad Redirect to Steal Microsoft Credentials

Security researchers came across a phishing email that used a Google Ad redirect as a part of its efforts to steal victims’ Microsoft credentials.

Cofense found that the email originated from the legitimate email address “info@jtpsecurity[.]co[.]za.” The security firm reasoned that attackers had compromised that email account and abused their access to target employees in multiple organizations.

The email arrived with a message indicating that it was sent with “High importance.” When coupled with the inclusion of the word “security” in the sender’s email address and the use of “Recent Policy Changes” as the subject line, this tactic attempted to trick the recipient into believing that the email was important and required immediate attention.

In support of this ruse, the email informed the recipient that they needed to accept new “Terms of Use & Privacy Policy.” It then instructed them to click on either an “Accept” button or a “Learn More” option.

A screenshot of the phishing email with the buttons’ URL displayed. (Source: Cofense)

The researchers at Cofense found that both buttons contained the same embedded link. As they explained in their research:

…[T]he threat actor has utilized a Google Ad Services redirect to pilot users to their phish. This suggests that the threat actor(s) may have paid to have the URL go through an authorized source. In turn, this easily bypasses secure email gateways and exposes employees to the phish.

From there, the campaign led the user to a fake page that functioned as a duplicate of the official Microsoft page. This imposter page presented the visitor with a privacy policy that contained logos for both Microsoft and the user’s company. It then prompted them to click on an “Accept” button.

Doing so sent the user to another page designed to steal their Microsoft credentials. Upon receiving their victim’s details, that page showed a “We’ve updated our terms” dialog box before redirecting them to a legitimate Microsoft page containing the tech giant’s service agreement.

The campaign discussed above highlights the need for organizations to defend themselves against phishing operations. They can do so by educating their employees about some of the most common types of phishing attacks that are in circulation today.
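Because the redirect described above lends the link a trusted hostname, a mail filter has to judge the embedded destination rather than the redirector. The following Python check is an added example, not code from Cofense or the original article: the redirector host list and the `adurl`/`url` parameter names are assumptions (the article's screenshot redacts the real URL), and the sample message body is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the article): redirector hosts and destination parameters.
AD_REDIRECT_HOSTS = {"googleadservices.com", "www.googleadservices.com"}
DEST_PARAMS = ("adurl", "url")

class LinkCollector(HTMLParser):
    """Collect (visible label, href) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Return one finding per link that goes through an ad click redirector."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for label, href in collector.links:
        parts = urlsplit(href)
        host = (parts.hostname or "").lower()
        if host not in AD_REDIRECT_HOSTS:
            continue
        query = parse_qs(parts.query)
        dest = next((query[p][0] for p in DEST_PARAMS if p in query), None)
        # Judge the link by where it lands, not by the redirector's reputation.
        findings.append({"label": label, "redirector": host, "destination": dest,
                         "destination_host": urlsplit(dest).hostname if dest else None})
    return findings

def labels_sharing_destination(findings):
    """Map each destination to its labels when differently labelled links share it."""
    by_dest = {}
    for f in findings:
        by_dest.setdefault(f["destination"], set()).add(f["label"])
    return {d: sorted(names) for d, names in by_dest.items() if len(names) > 1}

# Constructed sample body (not the real message): two buttons, one redirect link.
_REDIR = "https://www.googleadservices.com/pagead/aclk?adurl=https%3A%2F%2Flogin.example.invalid%2Fterms"
SAMPLE = (f'<a href="{_REDIR}">Accept</a> <a href="{_REDIR}">Learn More</a> '
          '<a href="https://example.org/help">Help</a>')
```

The extracted `destination_host` is what should be passed to reputation and allow-list checks; a redirector link with no recoverable destination is worth holding for review on its own.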
