Fake DHL emails allow hackers to breach Microsoft 365 accounts


A new phishing campaign posing as logistics giant DHL has been discovered trying to steal Microsoft 365 credentials from victims in the education sector, experts say.

Cybersecurity researchers at Armorblox recently discovered a major phishing campaign, in which more than 10,000 emails were sent to inboxes of a “private educational institution”.

The email is crafted to look like it’s from DHL: It carries both the company’s branding and the tone one might associate with the shipping giant. The email, titled “DHL Shipping Document/Invoice Receipt”, informs the recipient that a customer has sent a package to the wrong address and that the correct delivery address must be provided.

The email, of course, comes with an attachment conveniently titled “Shipping Document Invoice Receipt” which, when opened, looks like a faded sample Microsoft Excel file.

A Microsoft login page appears above the faded document, which attempts to trick victims into thinking they need to sign in to their Microsoft 365 accounts to view the contents of the file. If the victims provide the credentials, they go straight to the attackers.

“The email attack used language as the main attack vector to evade both Microsoft Office 365 and EOP email security controls,” explained Armorblox. “These native email security layers can block massive spam and phishing campaigns as well as known malware and bad URLs. However, this targeted email attack bypassed Microsoft’s email protection because it contained no bad URLs or links and contained an HTML file containing a malicious phishing form.”

As the researchers said, the attackers used a valid domain that allowed them to bypass Microsoft’s email authentication checks.

The best way for businesses to protect against phishing attacks is to train their employees to recognize red flags in their inboxes, such as the sender’s email address, typos and spelling errors in the email, the feeling of urgency (legitimate emails almost never require the user to respond urgently), and unexpected links/attachments.

Via: Silicon corner
