. home.aspx



Attackers Pick up Nasty Phishing Tactic to Gain Full Access to Users' Data Stored in the Cloud

January 08, 2020 / Cyware

In early December 2019, security experts began observing a sophisticated phishing scheme targeting Office 365 users. The phishing lure, which starts with a spoofed link, is being widely used by attackers to ensnare users of many other cloud providers. The phishing attack targets Office 365 users with an email that contains a malicious link within. The link takes the recipient to a legitimate-looking fake login page of Office 365 titled ‘login.microsoftonline.com’. To an unsuspected user, the malicious link looks normal and legitimate but secretly pushes an app named officesuited[.]com. This app appears after the link tells Microsoft to forward the authorization token produced by a successful login from the target user.