- A new phishing scheme is successfully bypassing most security tools
- It abuses ads and Microsoft’s tools for Active Directory Federation Services
- It is designed to steal login credentials, so users have to take care
Cyber criminals have found a smart way to make phishing sites look like legitimate login pages, successfully stealing Microsoft login credentials, experts have warned.
Cybersecurity researchers at Push Security recently published an in-depth report on how the scam works, and outlined how the attackers created fake login pages that mimicked authentic Microsoft 365 sign-in screens.
Instead of sending victims directly to the site, which would probably be flagged by security solutions and quickly blocked, they used a Microsoft feature called Active Directory Federation Services (ADFS). Businesses usually use it to connect their internal systems to Microsoft services.
How to remain safe
By creating their own Microsoft account and configuring it with ADFS, the attackers fooled Microsoft’s service into redirecting users to the phishing site, while the link looked legitimate because it started with something like ‘outlook.office.com’.
Furthermore, the phishing link was not distributed via email, but rather via malvertising. Victims searched for “Office 265”, which was presumably a typo, and were then taken to an Office login page. The advertisement also used a fake travel blog – Bluacrainours[.]com – as a middle step to hide the attack.
The way the whole campaign was built made it particularly dangerous. Because the link looked like it came from Microsoft, it bypassed many security tools that check for bad links, so its success rate was probably higher than that of “traditional” phishing.
Furthermore, since it does not depend on email, the usual email filters could not catch it. Finally, the destination site could even bypass multi-factor authentication (MFA), which made it even more dangerous.
To prevent such scams from causing real damage, IT teams must block ads or at least monitor ad traffic and look for redirections from Microsoft login pages to unknown domains.
Finally, users need to be careful when entering search terms – a simple typo can lead to a fake ad that can result in compromise and account takeover.
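The monitoring advice above (look for redirections from Microsoft login pages to unknown domains) can be run as a check over web-proxy records. This Python sketch is an added example, not taken from Push Security's report; the five-field log format, the host lists and the hostname adfs.corp.example are assumptions, and the sample records are constructed.

```python
from urllib.parse import urlsplit

# Assumptions for this sketch: hosts treated as "Microsoft login pages" and the
# redirect targets the organisation expects (including its own ADFS server).
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "outlook.office.com"}
TRUSTED_SUFFIXES = ("microsoftonline.com", "office.com", "microsoft.com",
                    "live.com", "adfs.corp.example")  # last one is hypothetical

# Constructed sample records: time, user, status, requested URL, Location header.
SAMPLE_LOG = """\
2025-01-01T09:00:01Z alice 302 https://login.microsoftonline.com/common/oauth2/authorize https://adfs.corp.example/adfs/ls/
2025-01-01T09:02:17Z bob 302 https://outlook.office.com/owa/ https://login.microsoftonline.com/common/oauth2/authorize
2025-01-01T09:05:44Z carol 302 https://login.microsoftonline.com/common/oauth2/authorize https://sso.unknown-tenant.example/adfs/ls/
2025-01-01T09:06:02Z dave 200 https://login.microsoftonline.com/common/oauth2/authorize -
2025-01-01T09:07:30Z erin 302 https://login.microsoftonline.com/common/oauth2/authorize https://office.com.signin.example/adfs
"""

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none or cannot be parsed."""
    try:
        return (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:
        return ""

def is_trusted(host):
    # Match whole labels so 'evil-office.com' or 'office.com.x.example' fail.
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_redirects(log_text):
    """Return (time, user, target_host) for login redirects to unknown domains."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records rather than guess at their fields
        when, user, status, url, location = fields
        if not status.startswith("3") or host_of(url) not in MS_LOGIN_HOSTS:
            continue
        target = host_of(location)
        if target and not is_trusted(target):
            hits.append((when, user, target))
    return hits

if __name__ == "__main__":
    for when, user, target in suspicious_redirects(SAMPLE_LOG):
        print(f"{when} {user}: Microsoft login page redirected to {target}")
```

The allowlist is matched on whole domain labels, so a lookalike host that merely contains a Microsoft domain name is still reported.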
Via BleepingComputer



