Home » Security » Office 365: New phishing attack tries to steal credentials via Box
office 365 attack

Office 365: New phishing attack tries to steal credentials via Box

Office 365 new phishing attack: Researchers at cloud security platform Armorblox have uncovered a phishing attack that seeks to steal Office 365 login credentials


IT News Nigeria:

So far, so predictable. The clever twist here though is that the initial page victims are taken to via the email link is hosted on cloud file sharing service Box, followed by a credential phishing page that resembles the Office 365 login portal.

The sender name and domain used belong to a legitimate company and this together with the use of Box helps the attack to evade detection and get through to people’s inboxes. The emails are also constructed to encourage people to click, with a simple call to action — Click here to pick up your documents — and footer text that informs readers that the email link will only be active for a limited time, giving a sense of urgency.

Read also:

Email attacks: Criminals bypass multi-factor authentication to hijack email accounts

‘Argentina Is Doing It’: NITDA Alerts Nigerians on Harmful Fake Messages

“The first page in this attack flow was hosted on Box, leveraging the reputation of the Box domain to get past any filters used to block known bad domains,” writes Arjun Sambamoorthy, co-founder and head of engineering at Armorblox on the company’s blog.

cyber attack
Cyber Awareness Forum to mark World Safer Internet Day 2018 in Lagos

“The page looked like it was hosting a document that was shared over OneDrive, with plenty of Microsoft branding used to lull users into a false sense of security. The document displays ‘Secured by OneDrive’ on the top left corner, ‘OneDrive for Business’ emblazoned on the center, and ‘Powered by Office 365’ on the bottom left corner.”

READ ALSO  CSEAN to Buhari, declare October Cybersecurity Awareness Month

If users clicked the ‘Access Document’ link on the Box page, they were redirected to a page resembling the Office 365 login portal which would scoop up their credentials.

You can read more about the attack, including how it was detected on the Armorblox blog. – Culled from BETANEWS

Image Credit: Maksim Kabakou / Shutterstock

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *



Check Also

Sophos Uncovers New Ransomware Connections

Sophos says it has uncovered new ...

Why We Challenge Data Handlers On Full Compliance – NDPC

NDPC says monitoring is key to ...

Why NDPC Deepens Capacity in Data Journalism – Dr Olatunji

  NDPC Chief says journalists can ...

QNET Strongly Denounces Scammers and Reaffirms Commitment to Integrity

IT News Nigeria: QNET  has said ...

Sophos Launches Managed Detection and Response (MDR) for Microsoft Defender

  …to Provide a Critical Layer ...

%d bloggers like this:
Skip to toolbar