PhishLabs has discovered a new phishing campaign that targets office 365 administrative accounts. According to the firm, attackers behind the campaign are sending phishing baits that pretended Microsoft and its Office 365 brand.
According to Michael Tyler at PhishLabs, cybercriminals are looking to compromise Microsoft Office 365 administrator accounts to send out phishing lures – thus ensuring the emails come from legitimate, validated domains.
“This is beneficial for attackers because many email filtering solutions leverage the reputation of a sender domain as a major component of determining whether to block an email” he explained. “Well-established domains with a track record of sending benign messages are less likely to be quickly blocked by these systems. This increases the deliverability and efficiency of phishing lures.”
The cybercriminals are using emails from
With A compromised admin account, attackers can also create new accounts within an organization to abuse single-sign-on systems. They even can send more phishing mail by using the reputation of the organization.
The firm has so far observed these URLs:
http://www.clinicaccct[dot]com/srvt/[email protected]
http://www.aranibarcollections[dot]com/srvt/[email protected]
The subject that hackers are using in the phishing mails are:
- Re: Action Required!
- Re: We placed a hold on your account