Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims’ Office 365 credentials – in real time – as they enter them into the landing page.
Authentication APIs are used by apps and services running on the users’ behalf to access their data, Prashanth Arun, head of Data Science at Armorblox, told Threatpost. Office 365 requires app registrations to use APIs – but registrations require only an email address, making them seamless for attackers to leverage. Some additional configuration for the app also requires users to specify a website to “receive” authentication info, Arun added.
In a phishing attack recently spotted by researchers, the attacker used the authentication APIs to cross-check the credentials of a senior executive at a large enterprise firm with the organization’s Azure Active Directory. Active Directory (AD) is Microsoft’s proprietary directory service, which allows administrators to manage permissions and access to network resources. The authentication APIs use Azure AD to provide authentication services.
Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry – and using visual CAPTCHAs to avoid detection and appear legitimate. ... The multiple CAPTCHAs serve as backups, in case the first one gets defeated by automated systems, said researchers.
Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a “missed chat” from Microsoft Teams. Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams.
Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more. An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization methods to access Office 365 accounts, in order to steal users' contacts and mail.