Imagine yourself as an executive casually browsing the state of the job market on Indeed, and you receive an email for a job listing that looks particularly interesting.
The email looks like it's from Indeed and there is a genuine Indeed link - nothing out of the ordinary in terms of emails you receive. You click on it. You’re routed through to the Microsoft 365 login page, you log in as normal, and you’re passed through to what looks like the website.Â
Your account is gone
This latest phishing scam, uncovered by researchers at Menlo Security, is aimed at US executives in a wide range of industries from software to real estate.Â
This particular campaign can bypass the multi-factor authentication on Microsoft 365 account by stealing session cookies from a phishing site designed to look like the regular Microsoft login page.
EvilProxy is the platform used in this scam which essentially acts as a shifty middle man between the user and the genuine website. You may be wondering how a link from a legitimate Indeed email could set you up for phishing, and that's why this campaign sees a higher rate of success. The link has a weakness in it, known as an open redirect, which allows scammers to redirect you to their dodgy website through a legitimate looking link.
The real beauty of this scam is the use of legitimate Indeed links. As they are widely recognized as a reputable source they can often bypass spam filters and other security measures. Even as cybersecurity measures improve, hackers are getting more creative with the ways they are smuggling phishing emails through defenses.
Via BleepingComputer
More from TechRadar Pro
- Looking to protect yourself? Here is the best identity theft protection software
- The cybersecurity field is lacking hundreds of thousands of workers - and this new research shows us why
- Take a look at our list of the best firewalls on the market
