Phishing Attack Target Users to steal Microsoft 365 credentials

0

A new phishing campaign has been identified that targets Microsoft 365 users with the aim of harvesting their login credentials. Cybercriminals are sending malicious emails to users with attachments that have two extensions: .pdf and .html. When the user opens one of these malicious HTML files, a phishing page masquerading as Microsoft 365 is displayed, prompting users to input their login credentials. Once the victim inputs their credentials, they are sent to the attacker who harvests them for malicious purposes.

There is a high possibility that the hijacked account belongs to a corporate user because Microsoft 365 is widely used by businesses. If the attacker gets their hands on these credentials, they may be able to access sensitive information.

To prevent falling victim to this phishing campaign, it’s important to verify the sender’s email address to ensure it matches the official domain it claims to be from. Pay attention to spelling and grammar mistakes, as well as poor formatting. Before clicking on links in emails, hover your mouse cursor over the links to see the actual URL. If the link’s destination looks suspicious, do not click on it. Beware of emails that claim your account is at risk or that require urgent verification of personal information. Any statement meant to create a sense of urgency should be suspicious. Finally, never click on links or download file attachments from unknown senders.

Stay safe online and protect your sensitive information by being vigilant and taking steps to prevent falling victim to phishing attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *