Watch out for this phishing campaign that is after your passwords

by Don Sharpe
Don Sharpe
Don Sharpe
Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been... read more
Affiliate Disclosure
  • Microsoft has detected an ongoing phishing campaign that steals passwords using codes from other hackers.
  • The attackers are relentlessly creating malicious Workmail accounts to launch the attacks.
  • Phishing is common, and attackers are continuously developing new ways to capture their victims by exposing them to vulnerabilities.
  • You can visit our Security and privacy section and check out some of our recommendations to stay protected.

When Microsoft is busy trying to bring new updates and features to its platforms, attackers are also busy launching malware to expose the victims to vulnerabilities. We had reported about a similar campaign that was after your credentials here.

There is a new phishing campaign currently ongoing that aims at stealing passwords. The attackers use a phishing kit that makes use of pieces of code that have been copied from other hackers.

Phishing kit

A phishing kit is a software that facilitates the attacks. According to Microsoft, this phishing kit is made up of several elements and is readily available for sale since they have been repackaged and are readily available to willing buyers.

Microsoft has since branded the kit ZooToday and has discovered that it is making use of the WorkMail domain AwsApps[.]com. It then unleashes emails with links that mimic the Microsoft 365 login page to phishing pages.

Not large scale enough

Compared to other phishing attacks, this one appears to be a low-budget one as it does not attack any specific organization. It randomly generates domain names making the chances of attacking a real firm really slim but not entirely impossible.

The technique used is what caught Microsoft’s attention since it copies the company’s zero-point font obfuscation. This is a HTML text with a zero font size in an email that aims to avoid human detection.

Microsoft 365

A large number of the targeted attacks were found to be similar to the Microsoft 365 sign-in page. Another unusual activity was that the data harvested remained on the site and was not shared elsewhere. 

Although no party has come forward to claim ownership, Microsoft strongly believes this is a single operation attack.

It seems the situation is under control as Microsoft alerted Amazon about the phishing campaign, and AWS took action.

What are some of the steps you are taking to protect yourself from spoof emails? Let us know in the comment section below.