Microsoft 365 Targeted in New Phishing, Account Takeover Attacks

Summary: Security researchers have identified new phishing campaigns that abuse Microsoft 365, using both legitimate Microsoft domains and tenant misconfigurations to facilitate account takeovers. The attacks combine tactics such as brand impersonation and OAuth redirection, which makes them difficult to detect. The campaigns rely heavily on modified organization names and misleading communication channels to deceive victims and steal credentials.

Affected: Microsoft 365 users and organizations

Key points:

  • Attackers are misusing Microsoft domains to execute Business Email Compromise (BEC) attacks.
  • Phishing emails are designed to imitate legitimate Microsoft notifications, directing victims to call centers.
  • OAuth redirection is employed through fake applications to steal user credentials and spread malware.
  • Limited permissions are assigned to malicious apps to evade detection by security solutions.

Source: https://www.securityweek.com/microsoft-365-targeted-in-new-phishing-account-takeover-attacks/