- Crooks uses link wrapping services to lure victims to click
- The links redirect the victims to a fake Microsoft 365 -Destination page
- The campaign has been going on for at least two months
Cybercriminals abuse Proofpoint’s and Intermedia’s “Link wrapping” service to bypass E -Mail protection, create compelling phishing -e emails and ultimately -steal People’s Microsoft 365 -DIdInate information. This is according to CyberSecurity researchers from Cloudflare who have observed such campaigns in nature for at least two months.
Proofpoint’s link wrapping service, known as URL defense, protects users by rewriting each incoming E -mail link to route through Proofpoint’s inspection gateway before it reaches the actual recipient. When a person clicks on a link in an e-mail, it is evaluated in real time (including sandbox detonation and reputation check) and is given access only if the link is considered secure.
But here’s the catch: All original URLs are embedded in the coded rewritten link (usually prefixed with “urldefense.proofpoint.com), which as a side effect creates a sense of security with the recipients, making it more likely that they will actually click it.
Active campaign
Cyber criminals were seen creative brand new landing pages that mimic Microsoft 365 -Login screen, and as such are not yet marked by security products. They will then shorten URLs to the pages that use popular URL shortening such as Bitly. The next step is to break into E -mail accounts already protected by proofpoint and use them to pack the shortened URL.
The last step is to distribute the abbreviated and wrapped URL, often through the same E -mail accounts that were compromised earlier.
Cloudflare says it has already been seen several attacks, with villains sending false voice email -message -e emails and fake shared Microsoft -Team’s documents. Victims who do not see the attack go through a chain of redirections, landing on a page where they are asked for their Microsoft 365 -Login -Legitimation information.
As a rule of thumb, links IE emails must be carefully reviewed before clicking, especially if E emails have any sense of urgency with them.
