Microsoft warns that cybercriminals already
adapted their phishing campaigns to the new Microsoft 365 and Azure AD
interfaces.
Microsoft mentioned in Twitter that “Office
365 ATP data shows that attackers have started to spoof the new Azure AD sign-in
page in multiple phishing campaigns”.
Three months ago, Microsoft has updated Azure
AD interface to lower bandwidth requirements for sign-in page loading:
Microsoft noticed that hackers already
adopted their phishing campaigns. The recent one was an email with PDF attachment
that asked users to sign-in for viewing it. Clicking to “Access document”
button victims were redirected to a fake “Azure AD sign-in page”:
No comments:
Post a Comment