PUBLISHED: 19:59, Tue, Feb 25, 2020 | UPDATED: 20:18, Tue, Feb 25, 2020
The latest phishing attempt uses a fake and poorly executed Microsoft Office 365 credentials update form hosted on Google Docs. A Cofense report reveals the phishing emails originated from a compromised automated mail account with privileged access to financial services provider CIM Finance.
By using CIM Finance’s website to host their phishing emails, the attackers ensured their messages could pass the necessary email protection checks, including DKIM and SPF.
After creating a suspect email account with privileged access to CIM Finance, the hackers used the CIM Finance website to send a stream of phishing emails.
This technique avoids the initial email protection checks because the messages originate from a valid source.
Cofense’s Europe director Dave Mount told SC Media that phishing threat actors have long abused cloud services to deliver malicious payloads through forms like Google Docs.
He said: “In this campaign and others like it, Google Forms is used to create faux Microsoft login pages to harvest company consumer credentials.”
The emails themselves pose as notifications from the IT team informing recipients that “updating the user’s Office 365” is needed to prevent the suspension of their accounts.
By creating this sense of urgency, the criminals tried to persuade the public to click on the “Update Now” button.
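Because these messages pass SPF and DKIM, mail triage has to look at the mismatch between the brand in the lure and the host behind the link. The following Python check is an added example, not code from Cofense or the original article; the sample message, its placeholder domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message (not taken from the report); domains are placeholders.
SAMPLE = """\
From: IT Team <notifications@sender.example>
To: user@recipient.example
Subject: Action required: update your Office 365
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=sender.example; dkim=pass header.d=sender.example
Content-Type: text/plain; charset=utf-8

Updating the user's Office 365 is needed to prevent suspension of your account.
Update Now: https://docs.google.com/forms/d/e/EXAMPLE_FORM_ID/viewform
"""

BRAND = re.compile(r"office\s*365|microsoft", re.I)
URGENCY = re.compile(r"update now|suspen", re.I)
URL = re.compile(r"https?://[^\s<>]+")
MS_HOSTS = ("microsoft.com", "microsoftonline.com", "office.com", "office365.com")

def is_google_form(url):
    p = urlparse(url)
    host = (p.hostname or "").lower()
    return host == "forms.gle" or (host == "docs.google.com" and p.path.startswith("/forms/"))

def is_microsoft(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in MS_HOSTS)

def triage(raw):
    msg = message_from_string(raw)
    auth = (msg.get("Authentication-Results") or "").lower()
    text = (msg.get("Subject") or "") + "\n" + msg.get_payload()
    urls = URL.findall(text)
    findings = {
        "auth_pass": "spf=pass" in auth and "dkim=pass" in auth,
        "brand_lure": bool(BRAND.search(text)),
        "urgency": bool(URGENCY.search(text)),
        "form_links": [u for u in urls if is_google_form(u)],
        "microsoft_links": [u for u in urls if is_microsoft(u)],
    }
    # A Microsoft-branded lure whose only action link is a Google Form is suspicious
    # even when SPF/DKIM pass: those checks only vouch for the sending domain.
    findings["suspicious"] = bool(findings["brand_lure"] and findings["form_links"]
                                  and not findings["microsoft_links"])
    return findings
```

On the sample, `triage(SAMPLE)` reports `auth_pass` and `suspicious` both true, which is the combination an authentication-only filter would let through.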