Microsoft 365 Phishing Attacks Masterfully Use Brand Name Sites to Establish Legitimacy



New voicemail phishing scam uses legitimate branded domains from companies like Samsung and Adobe to facilitate redirects to compromised websites intent on stealing credentials.

It’s an age-old campaign at this point: an email offers up some piece of content (here, a voicemail) that requires the user to log on to their Microsoft (formerly Office) 365 account to view it. But most scams simply embed a link that points directly at a malicious website, and a link like that is easy to spot, both for security solutions and for users with a watchful eye.

A new variant of this type of campaign was spotted by security researchers at Check Point, who uncovered details on how the campaign is carried out that show just how carefully it was put together.

The most impressive step in the all-too-often used path of “send an email, link to a compromised site, put up a look-alike Microsoft 365 logon page” is the use of redirects. According to Check Point, rather than pointing links at a suspect domain, the attackers used the redirect functionality built into servers running Adobe Campaign, the email-marketing platform whose tracking links are hosted on the brand’s own domain.

Take the example redirect URL below (modified to not work as an actual URL):

http://t.email1.samsung[.]ca/r/?id=ff1b346f,303d531,303d53e&p1=8107023398&p2=8107023398&p3=DM15290&p4=https://compromised.site#user@company.com

Note that the domain is a legitimate Samsung host: anything that checks the link’s domain reputation sees samsung.ca. The attackers placed the real destination in the p4 parameter of the Adobe Campaign redirect URL, so the victim is bounced from the Samsung server to the compromised website that hosts the fake logon page. The fragment at the end of the URL (#user@company.com) is the victim’s own address; a browser carries the fragment across the redirect, so the fake logon page can pre-fill it and look that much more convincing.
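As an added illustration (not part of the Check Point research or of this post), here is a small Python check that an email gateway or SOC script could run over links extracted from a message. It parses each link, looks for any query parameter whose value is itself an absolute URL, and flags the link when that inner URL points to a different registrable domain than the link’s own host, which is exactly what makes the samsung.ca link above deceptive. It also reports an email address riding in the URL fragment. The sample links other than the one quoted above, the hostnames example-brand.com and evil.example, and the two-label approximation of a registrable domain are assumptions of the example.

```python
"""Added example (not from the Check Point write-up or the blog): flag e-mail links
whose query string smuggles an absolute URL to a different registrable domain,
the open-redirect pattern shown in the Adobe Campaign / samsung.ca link above."""
import re
from urllib.parse import urlsplit, parse_qsl

# Loose e-mail pattern, used only to spot a victim address riding in the URL fragment.
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def refang(url: str) -> str:
    """Undo common defanging ('[.]', 'hxxp') so the URL can be parsed."""
    return (url.replace("[.]", ".")
               .replace("hxxps://", "https://")
               .replace("hxxp://", "http://"))


def registrable_domain(host: str) -> str:
    """Approximate the registrable domain as the last two labels.
    Assumption: good enough for .com/.ca-style TLDs; use a public-suffix list in production."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def find_redirect_targets(url: str) -> list:
    """Return each query parameter whose value is an absolute http(s) URL whose
    registrable domain differs from that of the link itself."""
    outer = urlsplit(refang(url))
    outer_domain = registrable_domain(outer.hostname or "")
    hits = []
    # parse_qsl percent-decodes values, so an encoded target (https%3A%2F%2F...) is caught too.
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.hostname:
            if registrable_domain(inner.hostname) != outer_domain:
                hits.append({"param": name, "host": inner.hostname.lower(), "target": value})
    return hits


def assess_link(url: str) -> dict:
    """Summarise one link: the host a reputation check sees, off-domain redirect
    targets, and any e-mail address carried in the fragment (kept across the redirect)."""
    outer = urlsplit(refang(url))
    redirects = find_redirect_targets(url)
    fragment = outer.fragment
    return {
        "link_host": (outer.hostname or "").lower(),
        "redirects": redirects,
        "fragment_email": fragment if EMAIL_RE.match(fragment) else None,
        "suspicious": bool(redirects),
    }


# Constructed sample links: the first is the (defanged) URL quoted in the post,
# the others are made up to show the percent-encoded and the benign variants.
SAMPLE_LINKS = [
    "http://t.email1.samsung[.]ca/r/?id=ff1b346f,303d531,303d53e&p1=8107023398"
    "&p2=8107023398&p3=DM15290&p4=https://compromised.site#user@company.com",
    "https://t.example-brand.com/r/?id=abc&p4=https%3A%2F%2Fevil.example%2Flogin",
    "https://t.example-brand.com/r/?id=abc&p4=https://www.example-brand.com/offers",
    "https://www.example-brand.com/newsletter?id=123",
]


def scan_links(links=SAMPLE_LINKS) -> list:
    """Return the assessments for the links that carry an off-domain redirect."""
    return [a for a in (assess_link(u) for u in links) if a["suspicious"]]


if __name__ == "__main__":
    for hit in scan_links():
        print(f"{hit['link_host']} -> {[r['host'] for r in hit['redirects']]}"
              f" (fragment email: {hit['fragment_email']})")
```

The check deliberately compares registrable domains rather than full hostnames, because a brand’s tracking host (t.email1.samsung.ca) legitimately redirects to its own web properties; only a hop to an unrelated domain is flagged. A real deployment would fetch the redirect chain from a sandbox as well, since the final hop can change after the email is delivered.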

These kinds of tactics are used to bypass security checks: a reputation-based link scanner sees only the trusted brand domain, so the organization is left with the user’s watchful eye to determine that “something’s not right here”. It’s only through proper Security Awareness Training that users can be taught to quickly identify suspicious links, content, behavior, email messages, and more – all factors that add up to an email potentially being malicious.




