A sophisticated two-step phishing campaign has been uncovered, exploiting Microsoft Office forms to trick unsuspecting users into divulging sensitive information.
The attackers first send a legitimate-looking email with a link to a seemingly harmless form. This form collects user credentials or personal information, which the attackers use to carry out more sophisticated attacks or gain unauthorized access to accounts.
According to a recent report by Perception Point, this campaign has been designed to evade detection by traditional security measures.
Cybercriminals are carrying out these two-step phishing attacks by abusing Microsoft Office Forms, a legitimate service that threat actors increasingly use to steal Microsoft 365 (M365) login credentials from unsuspecting users.
The Phishing Campaign: A Two-Step Attack
The phishing campaign involves two distinct steps. The first step begins with an email that appears to be from a legitimate source, such as a colleague or a trusted organization.

The email contains a link to a Microsoft Office form, which is designed to look authentic. The form requests the user to enter their credentials to access a shared document or update their account information.
Once the user enters their credentials, the attackers proceed to the second step. The user is redirected to a fake Microsoft Office login page that mimics the real one.
The fake page is designed to capture the user’s login credentials, including their username and password.
Exploiting Microsoft Office Forms
The attackers have exploited a vulnerability in Microsoft Office Forms to create a convincing phishing campaign.
The forms are designed to look legitimate, complete with Microsoft branding and logos. The attackers have also used a technique called “OAuth phishing” to gain access to the user’s account.
OAuth phishing involves tricking the user into granting the attacker permission to access their account. Once the user grants permission, the attacker can access the user’s account without knowing their login credentials.
According to the Perception Point report, the consequences can be severe if a user falls victim to this phishing campaign. The attackers can access the user’s Microsoft Office account, including their email, contacts, and sensitive documents.
The attackers can also use the compromised account to launch further phishing attacks or to spread malware.
Protecting Against the Attack
To protect against this phishing campaign, users are advised to be cautious when receiving emails that request them to enter their credentials. Here are some tips to help you stay safe:
- Be wary of emails that ask you to enter your credentials, even if they appear to be from a legitimate source.
- Always verify the authenticity of an email by contacting the sender directly.
- Never enter your credentials on a page that does not have a valid SSL certificate.
- Use two-factor authentication (2FA) to add an extra layer of security to your account.
- Keep your software and operating system up to date with the latest security patches.
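The two-step pattern described above (a Forms link paired with a credential lure, then a sign-in page on a non-Microsoft host) can be triaged automatically at the mail gateway. The following Python script is an added example and is not code from the article or from Perception Point; it assumes the gateway records the sender, subject, body and the URL chain observed when the link was followed, that Microsoft Forms is served from forms.office.com, and that genuine Microsoft 365 sign-in lands on login.microsoftonline.com or login.live.com. The sample records are constructed. Note that it does not check for a valid certificate at all: lookalike sign-in pages routinely have one, so the hostname allowlist is the useful check.

```python
from urllib.parse import urlparse

# Assumed hosts (not from the article): where Microsoft Forms is served from and
# where a genuine Microsoft 365 sign-in should land.
FORMS_HOSTS = {"forms.office.com"}
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
MICROSOFT_SUFFIXES = (".microsoft.com", ".office.com", ".microsoftonline.com", ".live.com")

# Phrases typical of the "enter your credentials to access a shared document /
# update your account" lure the article describes.
LURE_PHRASES = (
    "enter your credentials", "verify your account", "update your account",
    "sign in to view", "password expires", "access the shared document",
)
# Tokens that make a non-Microsoft URL look like a Microsoft sign-in page.
LOGIN_HINTS = ("login", "signin", "sign-in", "microsoft", "office365", "o365")


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def is_microsoft_host(host):
    # Exact allowlisted host or a genuine Microsoft-owned suffix; a lookalike such as
    # login.microsoftonline.com.attacker.test does not end with these suffixes.
    return host in MICROSOFT_LOGIN_HOSTS or host.endswith(MICROSOFT_SUFFIXES)


def links_to_forms(chain):
    return any(host_of(u) in FORMS_HOSTS for u in chain)


def has_credential_lure(subject, body):
    text = f"{subject} {body}".lower()
    return any(p in text for p in LURE_PHRASES)


def offsite_login_pages(chain):
    """URLs in the chain that look like a sign-in page but are not on a Microsoft host."""
    hits = []
    for u in chain:
        host = host_of(u)
        if not host or is_microsoft_host(host):
            continue
        parts = urlparse(u)
        haystack = (host + parts.path + parts.query).lower()
        if any(h in haystack for h in LOGIN_HINTS):
            hits.append(u)
    return hits


def classify(record):
    forms = links_to_forms(record["chain"])
    lure = has_credential_lure(record["subject"], record["body"])
    offsite = offsite_login_pages(record["chain"])
    if forms and lure and offsite:
        return "two-step-forms-phish"   # the full pattern from the article
    if offsite:
        return "suspicious-offsite-login"  # lookalike sign-in host, any context
    if forms and lure:
        return "suspicious-forms-lure"  # Forms link plus credential request
    return "clean"


# Constructed sample gateway records; "chain" is the redirect chain the gateway saw
# when it followed the email's link (assumed field, not from the article).
SAMPLE_RECORDS = [
    {"id": 1, "sender": "it-helpdesk@partner-corp.test",
     "subject": "Action required: shared document",
     "body": "Please enter your credentials to access the shared document.",
     "chain": ["https://forms.office.com/r/AbCdEf123",
               "https://office365-login.example.net/signin?user="]},
    {"id": 2, "sender": "hr@corp.test", "subject": "Team lunch survey",
     "body": "Vote for Friday's venue.",
     "chain": ["https://forms.office.com/r/Survey42"]},
    {"id": 3, "sender": "noreply@corp.test",
     "subject": "Sign in to view the quarterly report",
     "body": "You will be asked to enter your credentials on the company sign-in page.",
     "chain": ["https://login.microsoftonline.com/common/oauth2/v2.0/authorize"]},
    {"id": 4, "sender": "finance@partner-corp.test", "subject": "Verify your account",
     "body": "Fill in the form to verify your account before Friday.",
     "chain": ["https://forms.office.com/r/Xyz789"]},
]


def triage(records=SAMPLE_RECORDS):
    """Map each record id to its verdict."""
    return {r["id"]: classify(r) for r in records}


if __name__ == "__main__":
    for rid, verdict in triage().items():
        print(rid, verdict)
```

Record 3 shows why the allowlist matters: it carries the same credential wording as the phish but its chain ends on the genuine Microsoft sign-in host, so it is not flagged, while record 1 is flagged on the full two-step pattern and record 4 only on the Forms-plus-lure combination. In a real deployment the verdicts would feed a quarantine or analyst queue rather than being printed.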
The two-step phishing campaign exploiting Microsoft Office forms is a sophisticated attack that can have severe consequences. By being aware of the attack and protecting yourself, you can avoid falling victim to this phishing campaign.
Remember always to be cautious when receiving emails that request you to enter your credentials, and never enter your credentials on a page that does not have a valid SSL certificate.