Microsoft has reported a new phishing campaign that it recently detected, describing the campaign as large-scale and aimed at stealing login credentials.

After detecting the campaign, researchers found that it embeds open redirector links in email communications and uses them as the delivery vector. The purpose of such links is to trick users into visiting malicious websites while helping the threat actors evade security software.

Open redirector phishing

The threat actors are targeting login credentials in this attack. Credential phishing emails remain a remarkably widespread way for threat actors to gain a foothold in a network and harvest user credentials.

When a user clicks one of the custom-built redirect links, they are sent to a page on attacker-owned infrastructure. This page typically uses the Google reCAPTCHA service, most likely to defeat attempts to browse it dynamically and inspect its contents.

Once the user completes the CAPTCHA verification, they are shown a site that imitates a legitimate service such as Microsoft Office 365. The site asks the user for their password and then asks for it a second time; once it is entered, the threat actors gain entry.

The threat actors also send a unique URL to each recipient, with PHP parameters that supply basic information for the phishing page to use.
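As an added example that is not part of Microsoft's report, the following Python flags links of the kind described above: a URL on one host whose query string carries a nested URL that finally lands on a different host. All domains in it are constructed placeholders, not indicators from the campaign.

```python
"""Added example (not from Microsoft's report): flag email links whose query
string carries a nested URL pointing at a different host, the shape an
open-redirector phishing link takes.  All domains are constructed placeholders."""
import re
from urllib.parse import parse_qsl, urlparse

# A query value that is itself an absolute or scheme-relative URL.
URL_RE = re.compile(r"^(?:https?:)?//", re.IGNORECASE)

def redirect_chain(url: str, depth: int = 3) -> list:
    """Return the URLs nested in query parameters, following chained
    redirectors up to `depth` levels (redirector -> redirector -> landing)."""
    seen, frontier = [url], [url]
    for _ in range(depth):
        nxt = []
        for u in frontier:
            parsed = urlparse(u)
            # parse_qsl percent-decodes each value once, exposing the inner URL.
            for _key, value in parse_qsl(parsed.query, keep_blank_values=True):
                if not URL_RE.match(value):
                    continue
                if value.startswith("//"):  # scheme-relative redirect target
                    value = (parsed.scheme or "https") + ":" + value
                if value not in seen:
                    seen.append(value)
                    nxt.append(value)
        frontier = nxt
    return seen[1:]

def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()

def classify_link(url: str) -> dict:
    """Compare the host the user sees with the host the redirect finally lands on."""
    chain = redirect_chain(url)
    visible = host_of(url)
    final = host_of(chain[-1]) if chain else visible
    return {"visible_host": visible, "final_host": final,
            "chain": chain, "suspicious": bool(chain) and final != visible}

# Constructed sample links as they might appear in an email body.
SAMPLE_LINKS = [
    "https://redirect.trusted-example.com/go?url=https%3A%2F%2Fverify.attacker-example.xyz%2Flogin%3Fe%3Duser%2540corp.example",
    "https://trusted-example.com/r?u=https://trusted-example.com/home",   # same-host, benign
    "https://trusted-example.com/docs?page=3",                            # no nested URL
    "https://a.example/r?next=https%3A%2F%2Fb.example%2Fr%3Fto%3Dhttps%253A%252F%252Fc.example%252F",
]
```

The fourth sample shows a two-hop chain, which is why the check walks nested parameters rather than inspecting only the outermost URL.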

Domains used

  • c-tl[.]xyz
  • a-cl[.]xyz
  • j-on[.]xyz
  • p-at[.]club
  • i-at[.]club
  • f-io[.]online

Defender for Office 365 protection

This type of attack appears suddenly and can have a large impact on a network, so Microsoft has suggested mitigations against the abuse of open redirector links on known third-party platforms or services.

Because this type of phishing campaign puts heavy pressure on network services and can disrupt them badly, users are advised to review the recommendations and follow them carefully.