Office 365 accounts are among the most frequent targets for phishing scams. After recent reports revealed that the login page is the first step where such attacks occur, we now get to find out what kind of attack one can expect.
Yet another phishing scam targeted Office 365 users.The attack used an inverted image technique aiming for the login credentials.Stay protected by following our recommendations in the Security & Privacy section.For more related news, head to the Microsoft 365 section.
Download Restoro PC Repair Tool that comes with Patented Technologies (patent available here).
Click Start Scan to find Windows issues that could be causing PC problems.
Click Repair All to fix issues affecting your computer’s security and performance
Restoro has been downloaded by 0 readers this month.
More specifically, WMC Global cites PhishFeed analysts in their attempt to deconstruct a new phishing scam targeted at Office 365 users, still at the login page.
Detecting the new phishing technique
The new strategy involves inverting the background image colors and thus making it look like the original, however containing a fake login form.
The purpose is to avoid being spotted as a malicious attempt and bypass any detection engine. Additionally, this technique supposedly doesn’t make users suspicious and avoid entering their credentials.
To make the attempt look even more legitimate, the phishing kit uses a little trick. Namely, the inverted color image is stored by the attackers, then they modify the CSS index.php code to force the color to revert to the original state.
Further on, the visitors get the fake page, while the detection engines receive the original one, and more likely wouldn’t notice the scam.
What’s more, according to the source:
It’s always a good idea to stay on the watch for these scams to avoid falling into the trap.
[…] The inverted image was discovered within a deployed Office 365 credential phishing kit. Our team reviewed other campaigns deployed by this threat actor, discovering that the individual was using the same inversion technique on the newer Office365 background.
Just a few months ago, a similar phishing attack went for the secure email gateways, trying to lure Office 365 users into accepting a new Terms of Use and Privacy Policy.
While it’s hard for the regular user to spot fake log-in pages, staying away from unsolicited links and forms might save you from further trouble.
Bitdefender Antivirus Plus
Let Bitdefender keep an eye on possible phishing attempts while you enjoy safe browsing.
Also using a powerful antivirus with a proven detection rate against phishing attacks, such as Bitdefender, will add to your safety while surfing the Internet.
We hope that you haven’t been victim to such a phishing scam; but if you have, you can share your experience with us in the comments below.
If the advices above haven’t solved your issue, your PC may experience deeper Windows problems. We recommend downloading this PC Repair tool (rated Great on TrustPilot.com) to easily address them. After installation, simply click the Start Scan button and then press on Repair All.
Still having issues? Fix them with this tool:
SPONSORED
- Office 365Phishing
Email *
Commenting as . Not you?
Comment
