Security Snapshot is now part of SurgeONE.ai Same experts, even more power.
< BACK TO BLOG

New Phishing-as-a-Service targeting Microsoft Logins

May 12, 2023

Security firm Cisco Talos is reporting a new criminal service that's delivering sophisticated phishing emails looking to harvest the Microsoft login credentials of unsuspecting victims.  The service, called Greatness is easy for criminals to set up and requires little technical expertise to operate.

The attack starts with an email with an HTML attachment.  Once you open the attachment, your browser will display a blurred image of a spreadsheet with a spinning wheel.

You are then redirected to what looks like a Microsoft login page which may already be populated with the logo of your organization and your email address.  This is NOT a login for Microsoft but the credential harvesting page on the attacker's website.

Takeaways:

  1. Cybercriminals are getting ever more resourceful in making their attacks appear legitimate.
  2. Don't open attachments in emails you are not expecting.
  3. If you feel you need to open the attachment, call the sender to verify it came from them and they intended to send it.  You may have the honor of letting them know their email has been compromised and they fell for the attack covered above.

Source: Cisco Talos Intelligence

Need Help Now?
sales@surgeone.ai
+1 650-294-8889
How it WorksOur ProcessPricing Options
What Our Clients SayWho We ServeCyber Bites
About usPrivacy policyContact Us
© Security Snapshot.
Privacy Policy | Master Services Agreement