Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.

Researchers have uncovered a phishing attack using a new technique: Attackers are making use of authentication APIs to validate victims’ Office 365 credentials – in real time – as they enter them into the landing page.

Authentication APIs are used by apps and services running on the users’ behalf to access their data, Prashanth Arun, head of Data Science at Armorblox, told Threatpost. Office 365 requires app registrations to use APIs – but registrations require only an email address, making them seamless for attackers to leverage. Some additional configuration for the app also requires users to specify a website to “receive” authentication info, Arun added.

In a phishing attack recently spotted by researchers, the attacker used the authentication APIs to cross check the credentials of a senior executive at a large enterprise firm with the organization’s Azure Active directory. Active Directory (AD) is Microsoft’s proprietary directory service, which allows administrators to manage permissions and access to network resources. The authentication APIs use Azure AD to provide authentication services.

hacks web security active directory authentication api credentials email attack microsoft microsoft active directory office 365 phishing attack phishing email

What is Geek Coin

What is GeekCash, Geek Token

Best Visual Studio Code Themes of 2021

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Microsoft Office 365 Phishing Attack Uses Multiple CAPTCHAs

Researchers are warning of an ongoing Office 365 credential-phishing attack that's targeting the hospitality industry – and using visual CAPTCHAs to avoid detection and appear legitimate. ... The multiple CAPTCHAs serve as backups, in case the first one gets defeated by automated systems, said researchers.

Microsoft Teams Phishing Attack Targets Office 365 Users

Up to 50,000 Office 365 users are being targeted by a phishing campaign that purports to notify them of a “missed chat” from Microsoft Teams. Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams.

3 Secrets for a Successful Microsoft Office 365 Migration

Damco's Office 365 Migration Services facilitate data migration from diverse environments to Office 365 and efficient integration with other cloud services/apps.

OAuth Consent Phishing Ramps Up with Microsoft Office 365 Attacks

Attackers gain read-only permissions to snoop around Office 365 accounts, including emails, contacts and more. An APT known as TA2552 has been spotted using OAuth2 or other token-based authorization methods to access Office 365 accounts, in order to steal users' contacts and mail.

Top 10 API Security Threats Every API Team Should Know

Learn what are the most important API security threats engineering leaders should be aware of and steps you can take to prevent them