
Google Docs Forms Abused by Phishers to Harvest Microsoft Credentials


Security researchers detected several phishing campaigns that leveraged a Google Docs Form to target users’ Microsoft credentials.

Cofense observed that the phishing emails originated from a compromised email account with privileged access at financial services provider CIM Finance. Because the messages were sent through CIM Finance’s own, legitimate mail infrastructure, they passed sender-authentication checks such as SPF and DKIM: those checks confirm only that a message came from the domain’s authorized servers, not that the account behind it is still under its rightful owner’s control.

The emails themselves masqueraded as notifications from the IT team informing recipients that they needed to “update their Office 365” if they wanted to prevent the suspension of their accounts. By creating this sense of urgency, the attackers attempted to pressure recipients into clicking on the “Update Now” button.

The body of the phishing emails (Source: Cofense)

At that point the Google Form came into play. As Cofense explained in its research:

This threat actor set up a staged Microsoft form hosted on Google that provides the authentic SSL certificate to entice end recipients to believe they are being linked to a Microsoft page associated with their company. However, they are instead linked to an external website hosted by Google….

With this setup, the phishers built a fake Microsoft Office 365 login page inside a Google Form. It could be distinguished from Microsoft’s legitimate login page by its capitalization of close to half of the words and its occasional replacement of letters with asterisks. The page also displayed users’ credentials in plaintext as they typed them into the form’s input fields, where a genuine password field would mask them.

Upon submission, the credentials were stored as form responses and delivered to the attackers through Google’s own infrastructure, so no attacker-owned server had to appear anywhere in the attack chain.
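The chain described above has a detectable shape even though SPF and DKIM pass: a Microsoft or Office 365 lure whose call-to-action link points at a Google Form. The following is an added example, not code from the article or from Cofense, that runs that check over two constructed messages (the sender domains, form ID and Authentication-Results values are invented for illustration). It parses the message, extracts links, and flags the combination of lure text and a Google Forms destination; it also records that passing SPF/DKIM is consistent with a compromised account rather than evidence of legitimacy.

```python
"""Flag Office 365 lure e-mails whose links lead to a Google Form.

Added example for the attack chain described in the article. Both messages
below are constructed for illustration; no header or URL comes from the
Cofense report.
"""
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed phishing sample: Office 365 lure, sent through a (hypothetically
# compromised) third-party domain, linking to a Google Form.
PHISH_RAW = """\
From: IT Support <it-support@example-finance.test>
To: victim@example.test
Subject: Action required: update your Office 365 account
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=example-finance.test; dkim=pass header.d=example-finance.test
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your Office 365 account will be suspended unless you update it today.</p>
<p><a href="https://docs.google.com/forms/d/e/EXAMPLE-FORM-ID/viewform">Update Now</a></p>
</body></html>
"""

# Constructed benign sample: same lure vocabulary, but the link stays on a
# Microsoft-owned host, so the rule must not fire.
LEGIT_RAW = """\
From: Helpdesk <helpdesk@example.test>
To: victim@example.test
Subject: Office 365 password expiry reminder
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=example.test; dkim=pass header.d=example.test
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your Microsoft password expires in 7 days.</p>
<p><a href="https://myaccount.microsoft.com/">Change it here</a></p>
</body></html>
"""

# Lure phrases used in this style of campaign (assumption: tune for your tenant).
LURE_PATTERNS = [r"office\s*365", r"microsoft", r"suspen(d|sion)", r"update\s+now"]
_HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)
_AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def parse_auth_results(msg):
    """Collect mechanism verdicts, e.g. {'spf': 'pass', 'dkim': 'pass'}."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for mech, verdict in _AUTH_RE.findall(header):
            results[mech.lower()] = verdict.lower()
    return results


def extract_links(html):
    """Return every href target in the HTML body."""
    return _HREF_RE.findall(html)


def is_google_form(url):
    """True for Google Forms URLs (docs.google.com/forms/... or forms.gle)."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host == "forms.gle":
        return True
    return host == "docs.google.com" and parsed.path.startswith("/forms/")


def analyze_message(raw):
    """Flag a Microsoft/Office 365 lure whose link lands on a Google Form."""
    msg = message_from_string(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    lures = [p for p in LURE_PATTERNS if re.search(p, text, re.IGNORECASE)]
    form_links = [u for u in extract_links(body) if is_google_form(u)]
    auth = parse_auth_results(msg)
    reasons = []
    if lures and form_links:
        reasons.append("Office 365 lure links to a Google Form: " + ", ".join(form_links))
        if auth.get("spf") == "pass" and auth.get("dkim") == "pass":
            # Passing SPF/DKIM only proves the sending domain's infrastructure
            # was used; that is exactly what a compromised account looks like.
            reasons.append("SPF/DKIM pass does not clear the message; consistent with a compromised sender account")
    return {"suspicious": bool(reasons), "reasons": reasons, "auth": auth, "lures": lures}


if __name__ == "__main__":
    for label, raw in (("phish", PHISH_RAW), ("legit", LEGIT_RAW)):
        print(label, analyze_message(raw))
```

The rule deliberately requires both signals: lure vocabulary alone matches plenty of genuine IT notices, and Google Forms links alone are common in business mail. In a gateway or SIEM rule, the form-host check would be extended with whatever other free form and survey hosts your users never legitimately log in through.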

This attack highlights the need for organizations to strengthen their email security. One of the ways they can do this is by raising their workforce’s awareness of some of the most popular phishing attacks in circulation today. Towards this end, organizations (Read more…)


