"Microsoft Office 365 Attacks Sparked from Google Firebase"
Researchers at Armorblox have discovered a savvy phishing campaign that evades native Microsoft security defenses and is bent on stealing Microsoft login credentials. The campaign uses Google Firebase to bypass email security measures in Microsoft Office 365. It consists of invoice-themed emails that were sent to at least 20,000 mailboxes. The emails carry the subject line "TRANSFER OF PAYMENT NOTICE FOR INVOICE" and contain a link to download an "invoice" from the cloud. If a victim clicks that link, a series of redirects eventually takes the victim to a page with Microsoft Office branding that is hosted on Google Firebase. Adversaries use this phishing page to harvest Microsoft login information, secondary email addresses, and phone numbers. The researchers stated that "since all workplace accounts are so closely interlinked, sharing credentials to one of your accounts can prove to be very dangerous as cybercriminals send emails in your name to trick your customers, partners, acquaintances and family members."
Threatpost reports: "Microsoft Office 365 Attacks Sparked from Google Firebase"