A phishing attack recently uncovered by researchers pretends to share information about an electronic funds transfer (EFT) by offering up a link to download an HTML invoice that then loads to a page with Microsoft Office branding that’s hosted on Google Firebase.
The attack culminates with a final phishing page that looks to extract a victim’s Microsoft login credentials, alternate email address, and phone number, Armorblox researchers wrote in a blog post.
Impersonating Microsoft to phish for account credentials continues to be a powerful technique because it’s a way for attackers to insert themselves into normal business workflows, said Rajat Upadhyaya, head of engineering at Armorblox.
“Viewing documents via Office 365 is something we do every day, so victims might think it’s not unusual to enter login credentials in this situation,” Upadhyaya said. “Plus, hosting the final phishing page on Google Firebase lends the domain inherent legitimacy and allows it to bypass email security blocklists and filters.”
The email atta ..
Support the originator by clicking the read the rest link below.
