Microsoft-Themed Threat Steals Executives' MS Office Credentials
An email phishing campaign attempts to steal Microsoft credentials belonging to business leaders. The scam uses familiar Microsoft branding and even a Google reCAPTCHA code to increase the likelihood of success. The goal is to steal executive-level Microsoft login credentials.
The phishing emails target business executives with titles like president, vice president, and managing director.
Executive level employees and managers can easily have sensitive business information in their Microsoft Outlook email accounts. This includes payment methods or other financial information. Executives may have sensitive corporate data like details of contracts, plans, compensation information, or other trade secrets.
“Attacks have been spread across a range of industries, with the heaviest activity in the banking and IT sectors,” says the report from cyber security researchers at ThreatLabZ.
The phishing attacks began in December 2020. ThreatLabZ says it has blocked 2,500 of these phishing attacks in the last ninety days.
The spoofed credential phishing pages are hosted on domain names ending in .xyz and .club and are designed to look like Microsoft Office login pages.
Fake Google reCAPTCHA Used to Trick Executives
The first variation of the phishing scam uses .xyz domain names.
In this cyberattack, cybercriminals send a phishing email with an attachment that is supposedly a voicemail. If the recipient is fooled and opens the attachment, it redirects them to a spoofed webpage with a fake Google reCAPTCHA code.
After the victim successfully passes the fake Google reCAPTCHA, they are redirected to a fake Microsoft login screen.
If the executive is fooled by the spoofed login page and enters their Microsoft login credentials, their account is compromised. Next, they are shown a screen that says, “Validation Successful.” To continue the scam, the victim can then listen to a recording of a voicemail.
.club Domain Name Phishing
A second variation uses a .club domain name. The phishing campaign works the same way but ends by showing the victim a PDF file after their credentials are stolen.
Google reCAPTCHA to Google.com
In a third variation, the phishing email prompts the recipient to review a secure document. After they pass the Google reCAPTCHA and have their Microsoft Office credentials stolen on the spoofed Microsoft login screen, they are redirected to Google.com.
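All three variations share one observable sequence in web proxy logs: a Microsoft-branded sign-in page loaded from a non-Microsoft host, followed by a form submission to that same host. The Python sketch below is an added example, not code from the ThreatLabZ report; the log format, host names, allowlist, title keywords and time window are constructed assumptions. It goes beyond .xyz and .club by flagging any non-Microsoft host and marking the campaign's TLDs separately.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

CAMPAIGN_TLDS = (".xyz", ".club")  # TLDs the article names
# Assumption: hosts treated as genuine Microsoft sign-in endpoints.
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Assumption: title keywords that signal Microsoft sign-in branding.
BRAND_WORDS = ("microsoft", "office 365", "outlook")
WINDOW = timedelta(minutes=5)  # assumed max gap between page load and POST

# Constructed proxy log (all lure hosts invented): time|user|method|url|page title
SAMPLE_LOG = """\
2021-03-01T09:00:02|vp.finance|GET|https://constructed-voicemail.xyz/verify|reCAPTCHA
2021-03-01T09:00:20|vp.finance|GET|https://constructed-voicemail.xyz/signin|Sign in to your Microsoft account
2021-03-01T09:00:41|vp.finance|POST|https://constructed-voicemail.xyz/signin|
2021-03-01T09:05:00|md.sales|GET|https://login.microsoftonline.com/common/oauth2|Sign in to your Microsoft account
2021-03-01T09:05:09|md.sales|POST|https://login.microsoftonline.com/common/login|
2021-03-01T09:10:00|president|GET|https://constructed-books.club/home|Monthly picks
2021-03-01T09:10:30|president|POST|https://constructed-books.club/comment|
2021-03-01T09:20:00|ceo|GET|https://constructed-docs.example/login|Microsoft Office 365 sign in
2021-03-01T09:20:15|ceo|POST|https://constructed-docs.example/login|
"""

def parse(log):
    """Yield (time, user, method, host, lowercased title) per log line."""
    for line in log.strip().splitlines():
        ts, user, method, url, title = line.split("|", 4)
        host = (urlsplit(url).hostname or "").lower()
        yield datetime.fromisoformat(ts), user, method, host, title.lower()

def is_spoofed_login(host, title):
    """Microsoft-branded page served from a host that is not Microsoft's."""
    return host not in MS_LOGIN_HOSTS and any(w in title for w in BRAND_WORDS)

def find_credential_posts(log):
    """Alert when a user POSTs to a host soon after loading a spoofed login page there."""
    loaded, alerts = {}, []
    for ts, user, method, host, title in parse(log):
        key = (user, host)
        if method == "GET" and is_spoofed_login(host, title):
            loaded[key] = ts
        elif method == "POST" and key in loaded and ts - loaded[key] <= WINDOW:
            alerts.append({"user": user, "host": host, "posted_at": ts.isoformat(),
                           "campaign_tld": host.endswith(CAMPAIGN_TLDS)})
    return alerts

if __name__ == "__main__":
    for alert in find_credential_posts(SAMPLE_LOG):
        print(alert)
```

An alert here means a password was likely submitted, so the response is an immediate credential reset and session revocation for that user rather than a simple block of the domain.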
How to Avoid Email Phishing Scams
Use a quality antivirus app like Heimdal Security to help protect against phone phishing attacks.
- Never click on an email attachment that you were not expecting. Attackers can spoof the friendly name of any email to trick you into opening malicious attachments
- When in doubt, call the person who supposedly sent the email to verify that the attachment is safe
- Use a strong and secure password for all of your online accounts
- Use a password app to help generate and remember secure passwords
- If you suspect that your password may be compromised, reset it immediately