Phishing attacks are not revolutionary until they accessed authentication APIs. Cybersecurity experts alert about an office 365 credential-phishing attack that targets landing page. In this article at ThreatPost, Lindsey O’Donnell explains how the attack stems from malicious activities. The cybercriminals use authentication APIs to access your Microsoft office 365 account and hack the entire system. They even use CAPTCHAs and Azure Active directory to look legitimate.
What Happens Next?
Access to an internal network enables the phishing attackers to act as threat intelligence and block remedial actions beforehand. The breachers have established a new spin on the phishing attack.
Instead of striving to spoof Microsoft in the sender’s field, they use an already compromised domain. The domain looks legitimate, albeit compromised, and may not affect the progress of the attack. Only a vigilant administrator can verify whether the email was sent from Microsoft.
Thus, the real users assume it to be a legitimate website and remain ignorant of the automated crawling attempts initiated by the phishing invaders. An email using spoofing techniques and a subject line that imitates important internal reports can force any staff member to provide access to it.
Route to Prevention
Once you access the breached landing page using office 365 credentials, you will be redirected to zoom.com. Otherwise, authentication failure would make them log in from microsoftonline.com. Post-breach, even if you change the domain name, attackers will remain updated about all your moves.
Educating employees about the latest phishing attacks is the only way to prevent the attack. Organizations must identify ways to spot and prevent the most common attempts to protect their business data. Office 365 authentication is a kind of deceptive phishing attack that is the most difficult to conquer. So, keep your teams aware of such potential threats!
Click on the following link to read the original article: https://threatpost.com/office-365-phishing-attack-leverages-real-time-active-directory-validation/159188/