Microsoft Warns of Phishing Attack Targeted at Office 365 Users

Attack uses open redirectors to steal login credentials

Microsoft is warning its Office 365 customers of a widespread phishing campaign to steal usernames and passwords.

The Microsoft 365 Defender Threat Intelligence Team posted its findings on its Security blog, which details how the attacks are done and advises what people can do to defend themselves.

Hacker gaining access

CHUYN/Getty Images

The attack works by leading Office 365 users down a series of links and redirections to a Google reCAPTCHA page. Users are taken to a fake sign-in page where their credentials are stolen, leaving them compromised.

According to the Intelligence Team, the Google reCAPTCHA verification adds a false sense of legitimacy to users who are tricked into thinking the whole process is fine.

Hackers rely on a marketing tool known as an open redirect, an email with a link that takes the user to a different domain. Open redirectors have been abused in the past to direct users to malicious sites.

The Intelligence Team advises users to hover over the link in an email to check the destination before clicking. The idea is that the user can see if the domain name is legitimate and associated with a website they know and trust.

Google, on the other hand, has a different opinion. In a post on their Bughunter University, a site dedicated to looking for bugs and glitches, Google responds to the allegations that open redirectors are unsafe.

Cybersecurity activated

Kiyoshi Hijiki/Getty Images

The post states that while the open redirectors themselves are not a vulnerability, it admits that they can be abused for other vulnerabilities. The company disagrees with the advice of hovering over the link before clicking, as it isn’t always the most accurate and users typically don’t examine the URL after moving.

However, Google doesn't offer any sort of advice on defense other than contacting them.

Was this page helpful?