Published on: September 06, 2019
In previous posts, we’ve talked about free email platforms (Gmail, Outlook), multi-factor authentication, spoofed sender email addresses and malicious websites that steal credentials. Those are all important, but it’s time to add to your phishing tool belt.
The phish we received this week (1) is as authentic as it gets. It came from email@example.com, who must have given up her Office 365 mail credentials in a phishing attack. She most likely didn’t have 2FA, so we received a note from the hacker posing as her.
The email had no attachments, just a standard “click here” link. It politely asked you for credentials. Then, instead of sending you to a malicious cloned or fabricated website, it directed you to Microsoft’s very own, authentic, and secure https://forms.office.com * (2). That site pleasantly thanked you for giving out your credentials. It didn’t require any further action.
The attacker didn’t even bother to brand it as DocuSign. Probably immature. He or she created the form just to capture credentials (to our email system) and used Microsoft Cloud to host it. I bet most email security systems would pass that email through with flying colors. Ours did, but thanks to some of you who reported it, our team was able to block the threat.
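Because the sender is a real account and the link is on a real Microsoft host, sender and domain reputation checks have nothing to catch here. The sketch below is an added example, not something our mail system runs: it holds a message for review when it links to a hosted form and also talks about credentials. The keyword list, function names and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Only forms.office.com comes from the post; add other form hosts you see.
FORM_HOSTS = {"forms.office.com"}
# Assumed wording that suggests a message is asking for a login.
CREDENTIAL_TERMS = re.compile(
    r"\b(password|credentials?|user\s?name|sign[\s-]?in|log[\s-]?in)\b", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)

# Constructed sample: real-looking sender, link on a trusted host.
SAMPLE = """\
From: colleague@example.com
Subject: Document ready for signature
Content-Type: text/plain; charset=utf-8

Click here and confirm your email password to view the document:
https://forms.office.com/r/EXAMPLE-ID
"""

def form_links(text):
    """Return URLs whose host is exactly a known form-hosting domain."""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlsplit(url).hostname or "").rstrip(".")
        if host in FORM_HOSTS:  # forms.office.com.example.net is not a hit
            hits.append(url)
    return hits

def body_text(msg):
    """Decode every text part (plain or HTML) of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Hold mail that links to a hosted form and also talks about credentials."""
    msg = message_from_string(raw_message)
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    links = form_links(text)
    asks = bool(CREDENTIAL_TERMS.search(text))
    return {"form_links": links, "asks_for_credentials": asks,
            "hold_for_review": bool(links) and asks}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A form link on its own is not held, so ordinary surveys still get through; only the combination with credential wording is flagged.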
Think before you click.
*Forms is a Microsoft product that comes with some versions of Office 365. It’s used to design and publish surveys and other forms. You can publish a form on your website or conveniently use Microsoft to host it.