The employee on leave could be your greatest threat to

A new phishing campaign impersonating logistics giant DHL has been uncovered; it attempts to steal Microsoft 365 credentials from victims in the education sector, specialists say.

Armorblox cybersecurity researchers recently uncovered a massive phishing campaign, with more than 10,000 emails sent to inboxes belonging to a "private educational corporation."

The email is engineered to look like it's from DHL: it bears the company's branding, as well as the tone of voice one might associate with the shipping giant. In the email, titled "DHL Shipping Document/Invoice Receipt", the recipient is notified that a service customer has sent a package to the wrong address and that they must provide the correct shipping address.

Naturally, the email comes with an attachment titled "Shipping Document Invoice Receipt" which, if opened, looks like a blurred preview of a Microsoft Excel file.

A Microsoft sign-in page appears over the blurred document, attempting to mislead victims into thinking they need to sign in to their Microsoft 365 accounts in order to view the file's contents. If victims entered their login credentials, they would be handing them directly to the attackers.

“The email attack used language as a primary attack vector to bypass Microsoft Office 365 and EOP email security controls,” Armorblox explained. “These native email security layers can block massive spam and phishing campaigns, such as known malware and malicious URLs. However, this targeted email attack bypassed Microsoft's email security, as it did not include bad URLs or links and included an HTML file containing a malicious phishing form.”

As the researchers noted, the attackers used a valid domain that allowed them to bypass Microsoft's email authentication checks.

The best way for companies to guard against phishing attacks is to train their employees to look out for red flags in their inboxes, such as the sender's email address, typos and misspellings in the email, a sense of urgency (legitimate emails will almost never require the user to respond urgently) and unexpected links or attachments.

Via: SiliconAngle
