Digital fraudsters are stealing Microsoft Office 365 administrator credentials as part of a broader phishing campaign targeting organizations.
The campaign began with a phishing email that leveraged Microsoft and its Office 365 brand to lull recipients into a false sense of security. This attack email was unique, however, in that it originated from validated domains that don’t belong to Microsoft. PhishLabs says this tactic gives attackers an advantage:
This is beneficial for attackers because many email filtering solutions leverage the reputation of a sender domain as a major component of determining whether to block an email. Well established domains with a track record of sending benign messages are less likely to be quickly blocked by these systems. This increases the deliverability and efficiency of phishing lures.