Phishing Attacks on Microsoft and Outlook; By Way of Microsoft’s Azure Blob Storage

Two major phishing campaigns have been discovered by the
researchers which uses Microsoft’s Azure blob to steal details from Outlook and
Microsoft accounts.

Both the campaigns employ real-looking landing pages which
make use of SSL certificates and the domain to seem authentic.
The first phishing email goes around asking the receivers to
log into their office 365 account to update the information.
The emails happened to have “Action Required: (email address)
information is outdated-Re-validate now!!” in their subject boxes.
The moment a user clicks on the link provided in the mail,
they will be directed to a landing page which fake-acts as the organization’s Outlook
Web App.
This landing page is what does the main task of stealing the
credentials from the user.
The second one works on stealing users’ Microsoft account
details and credentials.
The process to lure in the user starts from Facebook’s
workplace service and ends up taking the user to a Microsoft’s landing page.
This could either be s single-sign-on approach or a mixed up
campaign for luring victims in.
The Microsoft account the users are brought to, is fairly legit
looking as it uses the same form and the same background for that matter.
Both the landing pages make use of Azure Blog Storage to
make them look convincing and as far as possible, legitimate.
All Microsoft Azure does is that is adds legitimacy to the
landing pages used by the phishing-cons to target the Microsoft services.
The Azure Blob storage URLs use the domain making
the landings look fairly legitimate.
Also, every URL on Azure Blob Storage happens to be using a
wildcard SSL certificate from Microsoft, making every landing page get a “lock
This would exhibit a Microsoft certificate every time a user
would try to click on the certificate to check who signed, making the entire
sham all the more believable.
To steer clear of such phishing attack one thing need to be
kept in mind that the original login forms from Outlook and Microsoft could
indubitably have,, and as their domain names.

Share this with Your friends:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *