Lance Whitney reports:
Microsoft is a popular brand for cybercriminalsto impersonate in phishing campaigns. The company’s products are used by a vast number of people, both personally and professionally. Plus, gaining access to someone’s Microsoft credentials can open the key to an array of associated websites and services. One particular campaign analyzed by cyber threat intelligence provider Check Point Research redirected people through a series of legitimate websites in an effort to steal their Microsoft credentials.
In a blog post published Thursday, Check Point described the method in which attackers exploited one of Oxford University’s mail servers to send the initial email, abused an Adobe Campaign redirection tool, and then used a Samsung domain to take users to a Microsoft Office 365-themed phishing website. The goal was to take advantage of legitimate sites and services in an effort to evade security software. First spotted in April, 43% of the attacks targeted European companies, while the rest were found in Asia and the Middle East.
Read more on TechRepublic.
Correction: The source and link were corrected post-publication.