In a credential phishing attack intended to steal users’ Microsoft Office 365 and Google email passwords, hackers posed as the American business security company Proofpoint.
Armorblox cybersecurity researchers revealed that they discovered one such operation aimed at an unidentified international communications company, with virtually a thousand employees targeted solely within that organization.
The email claimed to contain a secure file sent via Proofpoint as a link. Clicking the link took victims to a splash page that spoofed Proofpoint branding and contained login links for different email providers. The attack included dedicated login page spoofs for Microsoft and Google.
A file apparently related to mortgage payments was the email’s bait. The subject line, “Re: Payoff Request,” was designed to trick victims into believing it was part of an ongoing conversation, adding credibility to the operations while also making it seem urgent enough and convincing them to click it.
The moment targets opened the “secure” email link contained in the message, they were directed to an introductory page with the Proofpoint logo and login spoofs.
The analysts added:
Clicking on the Google and Office 365 buttons led to dedicated spoofed login flows for Google and Microsoft respectively.