Databreach Today -
Ongoing Campaign Also Uses Malicious CAPTCHA Verification Page Mihir Bagwe • August 30, 2021 Phishing email using a Zoom meeting subject line (Source: Microsoft)
Microsoft is warning of a “widespread” phishing campaign in which fraudsters use open redirect links to lure users to malicious websites to harvest Office 365 and other credentials, according to a recent research report published by the software company.
See Also: Automating Security Operations
Besides using social engineering techniques that impersonate well-known productivity tools and services to lure users into clicking, the fraudsters will sometimes deploy a malicious CAPTCHA verification page that helps lure users to a phishing site that will harvest their credentials, according to Microsoft.
The main feature of this campaign, however, is the use of open redirect links that can trick users into clicking a malicious link and help the fraudsters avoid certain security tools, such