Phishing Attacks: Via Scraping Branded Microsoft
Login Pages!

The latest phishing attack attacks using the
targets’ company-branded Microsoft 365 tenant login pages just to make it look
more believable.
Microsoft’s Azure Blob Storage and the Azure Web
Sites cloud storage solutions are also under usage for finding solutions to
host their phishing landing pages.
This helps the users think that they’re seeing a
legitimate Microsoft page. This aids the cyber-con to target Microsoft users
and get their services credentials.
This phishing campaign is mostly about scraping
organizations’ branded Microsoft 365 tenant login pages just to fool the
The above observations were made as a part of s
research of the Rapid7’s Managed Detection and Response (MDR) service team, say
The cyber-criminals actually go through the list
of validated email addresses before they plan on redirecting the victims to the
phony login pages.
They put up actual looking logos of the brands that
they want to copy and that’s what helps them to scrape the tenant login page.
In case the target organization doesn’t have a
custom branded tenant page, the phishing kit is designed to make use of the
default office 365 background.
The same campaign’s been launched at various
different companies and organizations including in financial, insurance,
telecom, energy and medical sectors.

There are several points at hand that hint at
the phishing campaign still being active. In fact someone may be updating it for
that matter at different times.
The “phisher” behind the campaign could easily
be exploiting the “Lithuanian infrastructure”.
Besides the using the phony Microsoft phony page
and stealing credentials the campaign also is up for exploiting cloud storage
For landing page hostings also, the campaign
works perfectly. Phishing kits were discovered in April this year.
IPFs gateways were also abused by phishing
attempts by using TLS certificates issued by Cloudflare, last year in October.
Per sources, the following advises and measures
should be taken at once by organizations using the Microsoft office 365:
authentication via Office 365 or a third party solution for all employees.
staff in phishing awareness training programs.
to help the employees spot and report phishing attacks.


Please enter your comment!
Please enter your name here