ZDNet Japan Staff
2019-02-28 13:27
Here's my content
Security companies have reported that phishing sites that steal Microsoft account information are hosted on Microsoft Azure's object storage service, Azure Blob Storage. It warns that users may be fooled by the fact that the phishing site's domain contains the string "windows.net".
According to EdgeWave, which reported this, two types of phishing attacks were used, both targeting Office 365 account information. One trick is to get recipients to click on a link to a phishing site through an email disguised as a notification from Facebook's Workplace business chat feature. The phishing site resembles an Office 365 login page, where you'll be prompted for your account information.
Phishing site guided by email disguised as Facebook's "Workplace" notification (Source: EdgeWave)Another trick is to use an email disguised as an Office 365 notification and go to the phishing site with the words "Is your credentials out of date? Please update your information so that you can use Office 365 smoothly." Attempts to click the link. This phishing site was disguised as an Office Web App login page.
An email-guided phishing site disguised as an Office 365 notification (Source: EdgeWave)Both phishing sites are hosted in Azure Blob Storage, and the URL contains the string "windows.net", which could be fooled by an attacker if the user relies solely on the URL. According to EdgeWave, phishing emails were sent from Swiss providers' IP addresses, but IP address-based blocking is less effective and it is important to educate and educate users to be aware of the attack.
Bleeping Computer, who reported on EdgeWave, advised that "the legitimate login page for Microsoft and Office 365 accounts should remember that the domain is microsoft.com, live.com, or outlook.com." are doing.
Read all ZDNet Japan articles by email every morning (free registration)
Apply for e-mail newsletter subscriptionRelated article
- Related keywords
- Cyber attack
Related white paper
- Popular category
- management
- Security
- Cloud computing
- Virtualization
- Business application
- mobile
![Advantages of "Gravio" that can implement face / person recognition AI with no code [Archive distribution now]](https://website-google-hk.oss-cn-hongkong.aliyuncs.com/drawing/article_results_6/2022/2/25/98ceaf1a66144152b81298720929e8e7.jpeg)