How Similar Is the Microsoft Account-stealing Phishing Page to the Actual Page? Posted By jcleebobgatenet , December 13, 2022 Many corporations and users both in and outside Korea use Microsoft accounts to use major services offered by Microsoft, including Outlook, Office, OneDrive, and Windows. Users use integrated login to easily access all Microsoft services linked to their account. What does this mean for the threat actor? There is no better target for attacks because there is a large volume of information that can be gained using just one account. Particularly in the case of users that handle sensitive information…
Phishing Attacks Disguised as Microsoft, Targeting Corporate Users Posted By jcleebobgatenet , November 1, 2021 The ASEC analysis team has recently discovered phishing attacks disguised as Microsoft are being sent to corporate users. As shown in the figure below, the sender of the phishing e-mail is disguised as Microsoft, and the e-mail is distributed with the subject of “Password Expiring Notice”. The body of the e-mail says, “Your password to a certain account has expired today. Use same password to keep access to your Office365 account.” Upon clicking the text “KEEP YOUR PASSWORD”, a screen…