Attempts to commit Tricks are like phishing It is constantly replenished with new strategies, devised by cybercriminals so that their potential victims do not suspect, for example, a fake email.
Armoblox, which is dedicated to providing security for corporate email accounts in the cloud, has discovered a file A new way to commit this crime Identity theft from fake emails from the site we move.
The goal of this attack is Office 365 access credentials stolen (Microsoft Cloud Tools Platform) For potential victims, explain those responsible for the discovery.
The methodology consists of sending an email that simulates a WeTransfer message, a platform that allows large file sharing and can be used in both personal and business environments.
in the message The user is notified of the supposed receipt of some files available for download. In the event that the victim is not interested in the domain from which the mail was sent, they can trust and click on the link that says “View files”.
In this case, The user is redirected to a site pretending to be from Microsoft, with a blurred spreadsheet in the background and a fake Excel form in the foreground, where an email address and password are required to access the content.
Not the minor detail is that the email field is already full of the victim field, in an attempt to generate more trust on the page.
In the event that a user who came to the site falls into the trap and turns over their data, those behind the scam will get the credentials to access all their Microsoft tools.