A new phishing campaign is using a fake Microsoft login page and phony Google reCAPTCHA to steal credentials from senior employees of various organizations.
The campaign was reported by Zscaler, which detailed its findings in a report published March 7. To date, the firm says it has blocked more than 2,500 phishing emails belonging to the campaign.
ThreatLabZ, Zscaler's threat research team, which identified the campaign, says the attacks have been under way since December 2020 and have mainly targeted senior executives in the banking sector.
The attack chain begins with phishing emails crafted to resemble messages from the target organization's regular communications system. Each email carries a malicious HTML attachment.
If the victim opens the attached HTML file, it redirects them to a page hosted on a .xyz phishing domain that resembles a legitimate Google reCAPTCHA page.
Once the victim solves the reCAPTCHA, they are taken to a fake Microsoft login page. If they enter their credentials, a bogus "Validation successful" message is displayed to lend the process an air of legitimacy, while the submitted credentials are harvested.
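The attachment-to-reCAPTCHA-to-login chain described above is the kind of thing an email gateway can triage statically before a user ever opens the file. The Python below is an added example, not Zscaler's detection logic or anything from its report: it extracts navigation targets (meta refresh, JavaScript location assignments, form actions, iframes) from an HTML attachment and flags the file when it sends the reader to a host outside the organization, especially one on a .xyz domain or paired with a reCAPTCHA or Microsoft sign-in lure. The two sample attachments, the hostname captcha-verify-000.xyz, the trusted-domain list and the keyword list are all constructed for this example.

```python
"""Static triage of an HTML email attachment for redirect-based credential phishing.

Added example (not Zscaler's detection logic): pulls every navigation target out
of an HTML attachment and flags the file if it sends the reader off to a host
outside the organization, especially to a .xyz domain or alongside a
reCAPTCHA / Microsoft sign-in lure.  All sample data below is constructed.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions for the example: in production these lists would come from
# threat-intel feeds rather than being hard-coded.
SUSPICIOUS_TLDS = {"xyz"}
LURE_KEYWORDS = ("recaptcha", "microsoft", "office 365", "validation successful")

# Constructed sample attachment; the hostname is a placeholder, not a real indicator.
PHISH_SAMPLE = """<html><head>
<meta http-equiv="refresh" content="0; url=https://captcha-verify-000.xyz/step1">
</head><body>
<p>Please complete the Google reCAPTCHA check to view your document.</p>
<script>window.location.href = "https://captcha-verify-000.xyz/step1";</script>
</body></html>"""

# Constructed benign attachment that only talks to the organization's own host.
BENIGN_SAMPLE = """<html><body>
<p>Your weekly report is attached.</p>
<form action="https://intranet.example.com/ack" method="post"><button>Acknowledge</button></form>
</body></html>"""

TRUSTED_DOMAINS = ("example.com",)  # the organization's own domains (assumed)

_META_URL = re.compile(r"url\s*=\s*['\"]?([^'\"\s;]+)", re.I)
_JS_NAV = re.compile(
    r"(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]"
    r"|location\.(?:replace|assign)\(\s*['\"]([^'\"]+)['\"]"
)


class _NavExtractor(HTMLParser):
    """Collect meta-refresh, form, iframe and script-driven navigation targets."""

    def __init__(self):
        super().__init__()
        self.targets = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = _META_URL.search(a.get("content", ""))
            if m:
                self.targets.append(m.group(1))
        elif tag == "form" and a.get("action"):
            self.targets.append(a["action"])
        elif tag in ("iframe", "frame") and a.get("src"):
            self.targets.append(a["src"])
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies arrive here verbatim; look for location assignments.
        if self._in_script:
            for m in _JS_NAV.finditer(data):
                self.targets.append(m.group(1) or m.group(2))


def extract_nav_targets(html):
    """Return de-duplicated navigation targets found in the attachment."""
    p = _NavExtractor()
    p.feed(html)
    p.close()
    return list(dict.fromkeys(p.targets))


def _is_trusted(host, trusted):
    return any(host == d or host.endswith("." + d) for d in trusted)


def triage_attachment(html, trusted_domains):
    """Score an HTML attachment; 'flagged' means hold it for analyst review."""
    targets = extract_nav_targets(html)
    external = []
    for t in targets:
        host = (urlparse(t).hostname or "").lower()
        if host and not _is_trusted(host, trusted_domains):  # relative URLs stay internal
            external.append(t)
    suspicious_tld = [
        t for t in external
        if urlparse(t).hostname.rsplit(".", 1)[-1].lower() in SUSPICIOUS_TLDS
    ]
    lures = [k for k in LURE_KEYWORDS if k in html.lower()]
    # A bare external link is not enough on its own; require a second signal.
    flagged = bool(external) and (bool(suspicious_tld) or bool(lures))
    return {
        "targets": targets,
        "external": external,
        "suspicious_tld": suspicious_tld,
        "lures": lures,
        "flagged": flagged,
    }


if __name__ == "__main__":
    for name, sample in (("phish", PHISH_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, triage_attachment(sample, TRUSTED_DOMAINS))
```

The heuristic deliberately needs two signals before flagging, since plenty of legitimate HTML attachments link to external hosts; a single .xyz redirect or a single keyword would generate noise, but an off-domain redirect combined with either is worth holding for review.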
Credential harvesting of this kind is a staple of business email compromise (BEC), a form of social-engineering attack in which criminals use spoofed or compromised business email accounts to defraud an organization.
“These attacks can be categorized as BEC although the sender, in this case, uses popular unified communication systems used by the organizations,” says Gayathri Anbalagan, lead researcher on the Zscaler report.
Zscaler's researchers could not determine who is behind the attacks, but, “looking at the operational theme and the target profiles,” they believe “it is likely to be a single coordinated campaign.”
Since the pandemic began and work shifted remote, social-engineering tactics aimed at credential theft have spiked.
In January last year, security firm Trend Micro detected a phishing campaign that posed as a Microsoft Office 365 update to steal the email credentials of business executives.
And in August 2020, Trend Micro reported a BEC scam that targeted the Office 365 accounts of senior employees at more than 1,000 companies worldwide.