"Phishing Campaign Uses Outlook Migration Message"

Researchers at Abnormal Security have released details about an ongoing phishing campaign aimed at harvesting users' Office 365 credentials. The phishing emails in the campaign are designed to appear as if they were sent from the IT department of an organization at which the targeted user works. The phishing emails urge users to migrate to the latest version of Microsoft Outlook. When victims click the link in the email, they are taken to a malicious domain displaying an older version of the Outlook sign-up page. When a victim enters their username and password into the login page, attackers can access any platform where those same credentials are used. According to the security researchers, the emails are written in English or German. It has also been discovered that the phishing emails have reached around 80,000 inboxes thus far. This article continues to discuss the phishing campaign's use of an Outlook migration message to collect users' Office 365 credentials, how the campaign uses the COVID-19 pandemic to increase the success of its attack, and other Office 365 attacks that have been observed this year. 

BankInfoSecurity reports "Phishing Campaign Uses Outlook Migration Message"