NIST's guidance for a Zero Trust Architecture

Recent AD News

Microsoft-themed content used as bait for half of credential-swiping phishing attacks

In 2020, half of all phishing emails used Microsoft Office-themed content to lure in unsuspecting victims and swipe their credentials, according to a Tuesday report by Cofense. The company analyzed millions of attack-related emails and concluded that 57% of the mails were phishing emails with the intent to steal credentials, while the rest were used for planting malware in the user’s systems or as business email compromise (BEC) attacks.

Cofense researchers said that 45% of those phishing emails were Microsoft themed as they were banking on the increase in organizations migrating to Office 365. “With the number of organizations migrating to Office 365, targeting these credentials allows the threat actor to gain access to the organization as a legitimate user to go undetected,” the researchers from the company told Threatpost. They further went on to recommend the use of multi-factor authentication (MFA) to secure Microsoft Office logins.

The researchers also said that apart from Microsoft products and solutions that tie-in with Microsoft, other company names have also been used to lure in victims. “Other popular brands we observed asking for credentials were other various cloud hosting services such as Adobe, Dropbox, Box, DocuSign or WeTransfer,” the researchers said.

Related posts
Recent AD News

Attackers use stolen credentials to intrude into the UN network

Recent AD News

CISA and FBI expect ransomware attacks to soar over the Labor Day weekend, issue advisory

Recent AD News

Another zero-day vulnerability confirmed by Microsoft

Recent AD News

Automate access decisions with risk-based contextual authentication

Leave a Reply

Your email address will not be published. Required fields are marked *