New phishing campaign is impersonating the delivery giant
(Image credit: Shutterstock)
A new phishing campaign has been uncovered impersonating logistics giant DHL to try and steal Microsoft 365 credentials from victims in the education industry, experts has claimed.
Cybersecurity researchers from Armorblox recently discovered a major phishing campaign, with more than 10,000 emails sent to inboxes belonging to a “private education institution”.
The email is made to look as if it’s coming from DHL: it carries the company branding as well as tone of voice one might associate with the shipping giant. In the email, titled “DHL Shipping Document/Invoice Receipt” the recipient is informed that a customer sent a parcel to the wrong address and that the correct delivery address needs to be provided.
Fake login popup
The email obviously comes with an attachment, conveniently titled “Shipping Document Invoice Receipt” which, if opened, looks like a blurred-out preview of a Microsoft Excel file.
Over the blurred-out document pops up a Microsoft login page, trying to trick the victims into thinking they need to log into their Microsoft 365 accounts in order to view the contents of the file. Should the victims provide the login credentials, they’d go straight to the attackers.
> New service makes it easier than ever for rookies to launch Microsoft 365 phishing attacks
> This Microsoft 365 phishing campaign is using some crafty US government lures
> Check out the best firewalls around (opens in new tab)
“The email attack used language as the main attack vector in order to bypass both Microsoft Office 365 and EOP email security controls,” Armorblox explained. “These native email security layers are able to block mass spam and phishing campaigns and known malware and bad URLs. However, this targeted email attack bypassed Microsoft email security because it did not include any bad URLs or links and included an HTML file that included a malicious phishing form.”
As the researchers said, the attackers used a valid domain which allowed them to bypass Microsoft’s email (opens in new tab) authentication checks.
The best way for businesses to protect against phishing attacks is to train their employees to spot red flags in their inboxes, such as the sender’s email address, typos and spelling errors in the email, the sense of urgency (legitimate emails will almost never require the user to react urgently), and unexpected links/attachments.
Via: SiliconAngle (opens in new tab)
Are you a pro? Subscribe to our newsletter
Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.