
Scams use false alerts to target Office 365 users, admins

Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams: one distributes the TrickBot information-stealing trojan via a fake website, and the other is a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators.

The scams are respectively detailed in a pair of reports from Bleeping Computer. The first report credits MalwareHunterTeam with uncovering a fake Office 365 site that displays a fake alert to site visitors, falsely stating that their browsers need an update.

Clicking on the update button downloads a malicious executable that installs TrickBot on victims' computers, at which point the malware begins communicating with a command-and-control server to execute various modules capable of exfiltrating user machine details, installed program information, Windows services information, login credentials, browsing history, form autofill information, and more.

The second report warns that phishers are sending emails disguised as Office 365 admin alerts that purportedly address time-sensitive issues such as expired licenses or an unauthorized access incident.

But clicking on the email's links takes victims to a phishing landing page that asks users to enter their Microsoft login credentials. To make it look authentic, the cybercriminals use a windows.net domain on Azure, plus a certificate from Microsoft.
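Because the landing page described above sits on a Microsoft-owned name with a valid certificate, a mail filter has to judge the link by which host it is rather than by who issued its certificate. The following triage sketch is an added example, not code from the article or the Bleeping Computer reports; the sign-in allowlist, the lure terms and the sample message (including its placeholder storage host) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only hosts this organisation accepts for Microsoft sign-in.
SIGN_IN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Azure namespace named in the article; customers publish their own content under it.
TENANT_SUFFIX = ".windows.net"
# Assumption: lure themes taken from the article's description of the fake alerts.
LURE_TERMS = ("license", "expired", "unauthorized access")

class LinkCollector(HTMLParser):
    """Collects href targets and visible text from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

    def handle_data(self, data):
        self.text.append(data)

def classify_host(url):
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in SIGN_IN_HOSTS:          # exact match, so look-alike prefixes fail
        return "sign-in"
    if host.endswith(TENANT_SUFFIX):   # Microsoft-owned name, customer-controlled page
        return "tenant-hosted"
    return "other"

def triage(subject, html_body):
    """Return (verdict, [(url, host_class), ...]) for one message."""
    parser = LinkCollector()
    parser.feed(html_body)
    wording = (subject + " " + " ".join(parser.text)).lower()
    has_lure = any(term in wording for term in LURE_TERMS)
    links = [(u, classify_host(u)) for u in parser.links]
    classes = {c for _, c in links}
    if has_lure and "tenant-hosted" in classes:
        return "quarantine", links
    return ("review" if has_lure and "other" in classes else "pass"), links

# Constructed sample message; the storage host is a placeholder, not an indicator.
SAMPLE_SUBJECT = "Action required: your Office 365 license has expired"
SAMPLE_BODY = ('<p>Your licenses have expired.</p><a href="https://'
               'example-account.blob.core.windows.net/page/index.html">Sign in</a>')
```

Calling `triage(SAMPLE_SUBJECT, SAMPLE_BODY)` quarantines the constructed alert, while the same link under a subject with no admin-alert wording passes.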

"As you can imagine, if an admin falls for this scam and enters their credentials in the page they will be stolen by the attackers. Unless that account has some sort of two-factor authentication enabled on it, the attacker would be able to gain access to the Office 365 admin portal," wrote report author Lawrence Abrams, creator and owner of Bleeping Computer.

Bradley Barth
