"Phishers Use Encrypted File Attachments to Steal Microsoft 365 Account Credentials"
Attackers are using encrypted restricted-permission messages (.rpmsg) attached to phishing emails in order to steal Microsoft 365 account credentials. According to researchers from Trustwave, the campaigns are low-volume, targeted, and use trusted cloud services, such as Microsoft and Adobe, to deliver emails and host content. The initial emails are sent from compromised Microsoft 365 accounts and appear to target recipient addresses where the sender may be familiar. The phishing emails are sent from a compromised Microsoft 365 account to employees working in the billing department of the recipient company. This article continues to discuss phishers' use of encrypted restricted-permission messages to steal Microsoft 365 account credentials.