Microsoft: Beware Phishing Attacks with Open Redirect Links

Databreach Today -

Ongoing Campaign Also Uses Malicious CAPTCHA Verification Page Mihir Bagwe • August 30, 2021     Phishing email using a Zoom meeting subject line (Source: Microsoft)

Microsoft is warning of a “widespread” phishing campaign in which fraudsters use open redirect links to lure users to malicious websites to harvest Office 365 and other credentials, according to a recent research report published by the software company.

See Also: Automating Security Operations

Besides using social engineering techniques that impersonate well-known productivity tools and services to lure users into clicking, the fraudsters will sometimes deploy a malicious CAPTCHA verification page that helps lure users to a phishing site that will harvest their credentials, according to Microsoft.

The main feature of this campaign, however, is the use of open redirect links that can trick users into clicking a malicious link and help the fraudsters avoid certain security tools, such

Read More.....