EvilProxy Phishing Targets Microsoft 365 Accounts Via Indeed.com Redirects

Researchers have found a new EvilProxy phishing campaign that targets Microsoft 365 accounts. To trick users, the threat actors exploit the open redirects from Indeed.com website. Users need to remain vigilant with interacting with job listings to avoid scams and other cyber threats.

EvilProxy Targets Microsoft 365 Accounts In Recent Phishing

In a recent post from Menlo Security, researchers explained about a new phishing campaign from the EvilProxy phishing service to target Microsoft 365 accounts. The threat actors specifically target organizations, luring the users by exploiting Indeed.com website’s open redirects.

Indeed.com is a popular job search platform boasting a huge number of employers, employees, and new applicants from around the world. It’s a common recruiting platform for both job hunters and recruiters, hence, is familiar to most professionals.

Briefly, the attack begins via phishing emails including Indeed website’s links. The attackers exploited Indeed’s open redirection to redirect the visitors to a phishing web page mimicking Microsoft’s website. Since the redirection originates from the genuine “Indeed.com” website, the potential victim would likely trust the phishing page finally appearing on the screen.

For this, the attackers used the phishing-as-a-service “EvilProxy” subscription-based platform promoted on the dark web. Whereas the target victims mostly include the C-suite and key executives among US-based organizations from various sectors.

Upon landing at the phishing page, the victim then enters the Microsoft 365 account credentials on it. At this point, the EvilProxy service facilitates the redirection to the original Microsoft domain, tricking the user into believing everything as genuine. Whereas, in the background, it hands over the victim’s login credentials to the attackers.

The researchers have shared the details about the attack in their post. Besides, they also advise the users to stay wary of such threats by using robust MFA methods (such as security keys), verifying the URLs before entering login credentials, and using session isolation solutions. Moreover, organizations should also conduct appropriate awareness sessions for the staff to prevent cyber threats.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients