In a sophisticated new phishing campaign, attackers used trusted, recognized brand names to bypass security filters and trick victims into giving up their Microsoft Office 365 credentials, with the aim of gaining access to corporate networks.
Check Point discovered that the campaign exploited Adobe, Oxford University and Samsung web domains to trick users. In early April 2020, its researchers discovered emails sent to victims titled “Office 365 Voice Mail” targeting companies in Europe, Asia and the Middle East.
Check Point manager Lotem Finkelsteen explained that at first the attacks seemed to be a “classic Office 365 phishing campaign.” However, when researchers peered under the hood, they found more of a “masterpiece strategy” that leverages “well-known and reputable brands to evade security products on the way to the victims,” he said.
The hackers managed to use legitimate Oxford University SMTP servers, which let the cyber criminals effectively bypass the sender-domain reputation checks that security measures require.
To appear legitimate, the hackers sent phishing messages carrying the notification “Message from Trusted server”. The emails claimed that an incoming voice message was waiting in the target’s voice portal and asked the recipient to click a button to listen to it. The button redirected unsuspecting users to a phishing page masquerading as the Office 365 login page.
Oxford University, Adobe and Samsung were informed of the findings by Check Point.
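
A detection sketch for the pattern described above, added here as an example and not taken from Check Point's report: because the mail is relayed through a legitimate server, sender authentication passes, so the check compares the brand the message claims with the domain that actually sent it and the hosts it links to. The allow-lists, the lure pattern and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-lists: replace with the sender domains and login hosts your tenant really uses.
BRAND_SENDERS = {"microsoft.com"}
LOGIN_HOSTS = {"login.microsoftonline.com"}
LURE = re.compile(r"office\s*365|voice\s*mail|trusted server", re.I)
HREF = re.compile(r'href="([^"]+)"', re.I)

# Constructed sample message modelled on the lure described in the article.
PHISH = """\
From: Voice Portal <voicemail@mail.university.example>
To: user@corp.example
Subject: Office 365 Voice Mail
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=mail.university.example
Content-Type: text/html

<p>Message from Trusted server</p><a href="https://redirect.vendor.example/listen?id=1">Listen</a>
"""

def under(host, allowed):
    """True if host equals, or is a subdomain of, any allowed domain."""
    return any(host == d or host.endswith("." + d) for d in allowed)

def findings(raw):
    """Return the reasons a single-part message looks like brand impersonation."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    auth = msg.get("Authentication-Results", "")
    out = []
    # Only messages that present themselves as Office 365 / voice mail are examined.
    if not LURE.search(msg.get("Subject", "") + " " + body):
        return out
    if not under(sender, BRAND_SENDERS):
        out.append("brand-mismatch")
        # A passing SPF result is the point here: reputation alone says "trusted".
        if re.search(r"\bspf=pass\b", auth, re.I):
            out.append("authenticated-third-party-sender")
    for url in HREF.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if not under(host, LOGIN_HOSTS):
            out.append("offbrand-link:" + host)
    return out

if __name__ == "__main__":
    print(findings(PHISH))
```

The `authenticated-third-party-sender` finding is the one that distinguishes this campaign from ordinary spoofing: the message is correctly authenticated, just not by the brand it claims to come from.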