.PNG "Amazon Gift Card Email Hooks Microsoft Credentials")
This article discusses a new phishing campaign using fraudulent emails disguised as Amazon e-gift cards from employers to harvest Microsoft credentials. The threat actors exploit recipients’ emotions and trust in familiar brands to trick them into revealing sensitive information. Affected: employers, recipients of e-gift cards, Microsoft users
Keypoints :
- E-gift cards are increasingly popular for gifting due to their instant delivery and flexibility.
- Threat actors are leveraging this trend to send fraudulent emails that appear to offer genuine gift cards.
- A recent credential phishing campaign was identified using emails disguised as Amazon gift cards from a recipient’s employer.
- The email features a fake offer of a 0 e-gift card intended to harvest Microsoft credentials.
- Malicious URLs and domains are used to create the illusion of legitimacy.
- Victims are redirected to counterfeit sites designed to mimic legitimate login pages.
MITRE Techniques :
- Credential Dumping (T1003) – Threat actors aim to harvest Microsoft credentials through a phishing attack.
- Phishing (T1566) – The campaign uses emails disguised as e-gift cards to lure victims into providing sensitive information.
Indicator of Compromise :
- [URL] https://egift.activationshub.com/gift-card/view/8lPFUrjq1LGzg7JHwS8hJJRdL
- [IP Address] 104.26.11.204
- [URL] https://sso.officefilecenter.com/signin?sso_reload=true
- [IP Address] 104.26.1.222
Full Story: https://cofense.com/blog/amazon-gift-card-email-hooks-microsoft-credentials
Views: 26