We do not use only reputation or static engines – we take an active (“dynamic”) approach, ensuring “zero-day” phishing attacks are intercepted well before reaching the end-user’s email box.įor more information about our anti-phishing capabilities, we welcome you to check this link. By using image-recognition technology, our solution can prevent any attack – even if highly disguised. ![]() Perception Point’s service prevented this attack using advanced anti-phishing algorithms. In this campaign, the same login page is used for all apps, which means that when the user clicks on ‘Open in Microsoft Planner’ or ‘Reply in Teams’ he/she will be directed to a web page phishing Microsoft login hosted by Appspot, making it difficult to use reputation-based algorithms to detect it. Like in any phishing campaign, the attacker created a nice-looking web page to steal the end-user’s credentials. ![]() If you use Microsoft Teams for collaboration, and Planner for task management, it’s a no-brainer to link them so you can see your plans in Teams. From: Microsoft Planner / There’s new activity in Teams Planner is fine to use on your own, but it really comes alive when a team of people use it to move tasks between buckets, assignees, and dates.Subject: You’ve been assigned a task! / You have 6 messages, 3 mentions.Finally, to make it even more deceiving, the attacker chooses to use the subdomain as the envelope return-path and the user’s own organizational address as the displayed address. To complete the disguise, the attacker uses a payload containing a fake Microsoft phishing login page intended to steal credentials. In this phishing attack, the attacker tries to impersonate Microsoft Planner and Teams using the following assets:Įssentially, the attacker takes advantage of the apps’ tendency to send multiple messages in the same structure and appearance, only replacing: (1) the displayed address in the email envelope with the one of the end-users and (2) the return path to ., making it look like a real message from Microsoft. The attack, which was seen in over 10 different organizations, shows that the attacker chose a less targeted approach in launching this campaign. In this short blog we present a large-scale attack using impersonations of the Microsoft Planner and Teams collaboration apps. With so many Office 365 users globally, it’s only natural for attackers to try phishing Microsoft Planner and Teams. ![]() Microsoft is the most phished brand in the world.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |