This phishing attack is using a sneaky trick to steal your passwords, warns Microsoft | WHAT REALLY HAPPENED X-Frame-Options: SAMEORIGIN

This phishing attack is using a sneaky trick to steal your passwords, warns Microsoft

Microsoft has warned Office 365 customers that they're being targeted by a widespread phishing campaign aimed at nabbing usernames and passwords.

The ongoing phishing campaign is using multiple links; clicking on them results in a series of redirections that lead victims to a Google reCAPTCHA page that leads to a bogus login page where Office 365 credentials are stolen.

This particular attack relies on the email sales and marketing tool called 'open redirects', which has been abused in the past to redirect a visitor to a trustworthy destination to a malicious site. Google doesn't rate open redirects for Google URLs as a security vulnerability, but it does display a 'redirect notice' in the browser.

Comments

SHARE THIS ARTICLE WITH YOUR SOCIAL MEDIA