PhishLabs has detected attempts to compromise Microsoft Office 365 administrator accounts as part of a broad phishing campaign.
In the campaign, the threat actor(s) delivered a phishing lure that impersonated Microsoft and their Office 365 brand but came from multiple validated domains – an educational institution for example – not belonging to Microsoft. If the victim clicked the link, they were presented with a spoofed login for Office 365.
Administrators often have privileges on other systems within an organisation, potentially allowing further compromises.
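A defender-side check for the pattern described above, written as an added example and not taken from PhishLabs or the original post: it flags mail whose display name or subject claims the Microsoft or Office 365 brand while the sending domain is not Microsoft's, regardless of whether authentication passed. The domain allow-list, brand terms and sample messages are constructed for illustration, and reading "validated" as passing SPF/DKIM is an assumption.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: illustrative allow-list of sender domains treated as Microsoft-owned.
MICROSOFT_DOMAINS = {"microsoft.com", "office.com", "microsoftonline.com"}
BRAND_TERMS = ("microsoft", "office 365", "office365", "o365")

# Constructed sample messages (not real campaign data).
SAMPLE_LURE = (
    "From: Office 365 Admin Center <alerts@mail.example.edu>\n"
    "To: admin@victim.example\n"
    "Subject: Action required: review your admin account\n"
    "Authentication-Results: mx.victim.example; spf=pass; dkim=pass header.d=example.edu\n"
    "\nSign in to review.\n"
)
SAMPLE_GENUINE = (
    "From: Microsoft 365 <no-reply@microsoft.com>\n"
    "Subject: Your monthly service summary\n"
    "Authentication-Results: mx.victim.example; spf=pass; dkim=pass header.d=microsoft.com\n"
    "\nSummary attached.\n"
)

def is_microsoft_domain(domain):
    """Exact match or subdomain of an allow-listed domain."""
    return any(domain == d or domain.endswith("." + d) for d in MICROSOFT_DOMAINS)

def auth_passed(msg):
    """True if any Authentication-Results header reports spf=pass or dkim=pass."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results or "dkim=pass" in results

def brand_impersonation(raw):
    """Compare the brand a message claims with the domain it was sent from."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = (display + " " + msg.get("Subject", "")).lower()
    claims_brand = any(term in claimed for term in BRAND_TERMS)
    return {
        "domain": domain,
        "claims_brand": claims_brand,
        # A pass only proves the sending domain is genuine, not that it is Microsoft.
        "auth_passed": auth_passed(msg),
        "suspicious": claims_brand and not is_microsoft_domain(domain),
    }

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("genuine", SAMPLE_GENUINE)):
        print(name, brand_impersonation(raw))
```

The lure is flagged even though SPF and DKIM pass, which is why an authentication result alone should not be treated as a trust signal for brand claims.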
Office 365 Admins Singled Out in Phishing Campaign https://t.co/l2qo2Zpoia pic.twitter.com/xyH22DtdSy
— Eleanor Dallaway (@EleanorDallaway) November 18, 2019
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.