Phishing alert – Office 365 credential stealing campaign uses cloud collaboration service Box for authenticity

Cybercriminals have found another legitimate company they can use to bypass email security. By hosting their phishing domain on Box, the secure cloud-based collaboration service, social engineers have enabled this campaign to evade detection that stops emails coming from bad domains and URL’s.

This attack follows the routine pattern for a phishing scam. The email encourages readers to click, warning of bad consequences if links are not clicked and/or details are not entered. With a footer text informing readers that the email link will only be available for a limited period of time, the criminals induce fear and panic into the receiver of this email in an attempt for them to act fast and without thought.

As with many other phishing scams similar to these, the email and landing page use convincing Microsoft Office 365 logos and imaging to further aid the reader into believing that this email is genuine.

The email (pictured below) asks the reader to review a financial document, and once the link is clicked, it sends them to a page hosted by Box, bypassing all security measures as this is a well known and trusted domain. On the page there is then another link, claiming to be hosted on OneDrive with yet another link required to access the aforementioned document.

Image credit: Armorblox

This link then directs victims to a fake landing page, carefully crafted to resemble that of the real Office 365 login page. From here, victims then enter their login credentials and their emails and passwords are stolen.

“The phishers are getting really smart these days, and they’re actually leveraging the trust people have established with hosting sites like Box, Dropbox, [Microsoft] 365, Google Drive, and hosting phishing attacks there.”

Arjun Sambamoorthy – Co-founder and head of engineering, Armorblox

These attacks are still commonplace and easy to spot if the user knows what to look for. However, as covered in our last article, the vast majority of people still do not know what danger signs to look for, despite having the awareness and knowledge that these attacks are commonplace in the modern world.

Would someone in your organisation fall for a potentially devastating scam like this? Find out in our Free Click-Prone® Test now, and see how many employees are leaving your organisation open to attack.

Recent posts