Email Phishers Using New Way to Bypass Microsoft Office 365 Protections
August 16, 2018
Seid Yassin (557 articles)

Email Phishers Using New Way to Bypass Microsoft Office 365 Protections

Phishing works no matter how hard a company tries to protect its customers or employees.
Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365.

Microsoft Office 365 is an all-in-solution for users that offers several different online services, including Exchange Online, SharePoint Online, Lync Online and other Office Web Apps, like Word, Excel, PowerPoint, Outlook and OneNote.

On the top of these services, Microsoft also offers an artificial intelligence and machine learning powered security protection to help defend against potential phishing and other threats by going one level deep to scan the links in the email bodies to look for any blacklisted or suspicious domain

But as I said, phishers always find a way to bypass security protections in order to victimize users.

Just over a month ago, the scammers were found using the ZeroFont technique to mimic a popular company and tricked users into giving away their personal and banking information.

In May 2018, cybercriminals had also been found splitting up the malicious URL in a way that the Safe Links security feature in Office 365 fails to identify and replace the partial hyperlink, eventually redirecting victims to the phishing site.

These issues were then addressed by Microsoft at its end, but phishers have now been found using a new trick to bypass Office 365’s built-in security protections and phish users—this time by inserting malicious links into SharePoint documents.

The same cloud security company Avanan, which discovered the two above-mentioned phishing attacks, uncovered a new phishing email campaign in the wild targeting Office 365 users, who are receiving emails from Microsoft containing a link to a SharePoint document.

Source | thehackernews