Summary: Cybersecurity researchers at Cyderes have identified a new phishing trend that combines YouTube URLs with Microsoft 365 password expiry alerts to trick users into revealing their credentials. This method exploits the trust associated with familiar domains to enhance the effectiveness of phishing attempts.
Threat Actor: Unknown | unknown
Victim: Users of Microsoft 365 | users of Microsoft 365
Key Point :
- Phishing emails use urgent subject lines to prompt immediate user action.
- Fake YouTube links are utilized to obscure malicious intentions and enhance credibility.
- Attackers manipulate URLs with the @ symbol to redirect users to phishing sites.
- Common traits of phishing links include excessive use of %20 and redirectors from known phishing kits.
- The combination of trusted brands and urgency increases the likelihood of user deception.