By creating phishing site pages using an online service for building surveys and forms, scammers figured out an original way to trick users out of their Office 365 credentials.
With the new May 15th deadline for submitting your tax returns quickly approaching, the bad guys are taking advantage of the theming and attempting to use it to steal Office 365 credentials. According to security researchers at Armorblox, this latest scam focuses on a phishing email informing the potential victim that their 2020 W-2 form is available for download from OneDrive – complete with a “Learn about messages protected by Office 365” link to add some credibility to the email.
The malicious link takes the victim to a webpage showing a blurred W-@ form, gated by Typeform. The assumption here is because the user was told it’s a OneDrive link, the intent is to collect their Office 365 credential, despite being obviously hosted on a completely different platform.
Source: Armorblox
Any credentials provided are met with an invalid password error – thought to be a smoke screen to allow the scammers to collect as many credentials as possible.
The obvious errors that should provide warning to the recipient include the mismatch between it purporting to be a OneDrive link and it actually taking the user to Typeform’s website. At least in the example provide by Armorblox, the senders email address is a Hotmail account.
Users with proper new-school security awareness training will identify these issues a mile away and spot the email for what it really is – a scam. I highly suggest getting started on implementing this before your organization’s Office 365 credentials are stolen and used by the bad guys for even more dastardly actions.
Here's how it works:
