Zix tricks: Phishing campaign creates false illusion that its emails are safe



Researchers last week spotted a phishing campaign that leveraged an online email authentication solution from Zix, in hopes that potential victims would be lulled into a false sense of security.


The attack reached 5,000 to 10,000 mailboxes, targeting Office 365 users with the goal of stealing their credentials, according to a new blog post today from Abnormal Security. The company became aware of the scam when one of its own customers received a scam email that appeared to come from one of its vendors, the real estate services provider Authentic Title, LLC.


As it so happened, the perpetrators had compromised an Authentic Title employee’s legitimate email account, and used it to send lures designed to make users falsely believe they received a closing settlement counteroffer.


“The targeted company works with thousands of third-party vendors and supply chain partners. And these vendors and partners often cannot tell when their own employees are compromised and used to send phishing or invoice fraud attacks,” said Roman Tobe, cybersecurity strategist at Abnormal Security, in an interview with SC Media.

