Scammers impersonate Oxford and Samsung to phish victims using fake Microsoft Office 365 pages

Scammers are using Oxford and Samsung servers to phish victims with fake Microsoft Office 365 pages

  • The campaign uses servers from Samsung and Oxford to phish users
  • The scams use fake Microsoft Office 365 pages to steal information
  • By using servers from legitimate companies, scammers can bypass normal email protections that filter out spam 

New research details how a phishing campaign is attempting to steal private data by using servers from reputable organizations to bypass email filters and direct victims to a phony Office 365 page.

According to Check Point Security, the scammers, whose activity was documented over the last several months, have been co-opting unprotected servers owned by both Samsung and Oxford University.

In Samsung’s case, scammers were able to exploit Adobe Campaign servers – which usually re-direct potential customers to a desired URL – to send users to a hacked WordPress site, which re-directs one more time to a page imitating Office 365.

Fake emails like the one pictured above were sent from servers infiltrated by the group and have a higher chance of evading detection by automatic filters.

From that page, scammers use malicious sites to steal information entered into forms. 

Researchers say the scammers took advantage of a link used by Samsung in a Cyber Monday deal from 2018. 

By changing a parameter in the link used in the promotion, they were able to redirect the victim to a malicious domain.

In Oxford University’s case, scammers were able to commandeer the organization’s email server to send similar phishing emails.  

The emails alleged an incoming voice-message was waiting in a victim’s voice-portal on Office 365 and prompted them to click on a button that would allegedly take them to their Office 365 account. 

After the victims clicked the button, however, they were redirected to a phishing page posing as the Office 365 login page. 

What makes the campaign more effective than some other more rudimentary phishing operations is that the method of using open servers from legitimate entities allows scammers to bypass email filters.

Instead of being sent to spam folders or blocked entirely, the malicious links have a higher chance of being allowed to pass through to potential victims, which increases the chances of fooling unsuspecting users.

To avoid phishing scams like those detailed in the report, researchers recommend using additional security to protect email accounts outside of what’s natively used and also avoiding entering credentials unexpectedly.