A recent phishing campaign has emerged, utilizing Microsoft Entra guest user invitations as a mechanism for sophisticated social engineering attacks. By leveraging a critical security gap in Microsoft Entra, attackers can send legitimate-looking invitations that entice recipients to contact them under the guise of Microsoft support. The campaign exhibits an evolution in Telephone Oriented Attack Delivery (TOAD) tactics, blending traditional phone scams with cloud infrastructure exploitation.
Michael Taggart, a security analyst, uncovered this malicious strategy after observing multiple phishing campaigns targeting the guest invitation feature. Attackers are using genuine email addresses like invites@microsoft[.]com to bypass email filters and establish trust with victims. They register fake organizational tenants to impersonate legitimate Microsoft entities, creating an illusion of credibility. The phishing email contains fabricated details regarding a renewal of Microsoft 365 services, directing users to call a phone number that connects them to the attackers for credential harvesting.
To combat this, organizations should implement robust detection measures, such as monitoring email logs for the indicators described above (guest invitations arriving from invites@microsoft[.]com on behalf of an unfamiliar tenant, renewal-themed wording, and a phone number the recipient is urged to call) and educating users to verify such communications through official channels rather than the number in the message. This campaign highlights the urgent need for enhanced security protocols to mitigate the evolving threat landscape posed by such sophisticated attacks.
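The log-monitoring measure above can be made concrete as a triage rule. The following is an added example written for this summary, not code from the article or from Microsoft: it scores constructed email-log records (the `EmailRecord` fields, the partner-tenant allowlist and the sample messages are all assumptions) on the indicators the campaign description gives, namely a genuine guest-invitation sender, an inviting tenant that is unknown or that impersonates Microsoft, renewal/billing lure wording, and a phone-number call-to-action.

```python
import re
from dataclasses import dataclass

# Hypothetical email-log record. Field names are an assumption for this
# example; map them onto whatever your mail gateway or SIEM actually exports.
@dataclass
class EmailRecord:
    message_id: str
    sender: str
    subject: str
    body: str
    inviting_tenant: str  # organisation name shown in the Entra invitation

# Tenants from which guest invitations are expected (constructed allowlist).
KNOWN_PARTNER_TENANTS = {"Contoso Ltd", "Fabrikam Inc"}

# The legitimate Entra invitation sender named in the article. Because the
# sender is genuine, the signal has to come from the tenant and the content.
INVITE_SENDER = "invites@microsoft.com"

PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
CALLBACK_RE = re.compile(r"\b(call|phone|dial|contact us at)\b", re.IGNORECASE)
RENEWAL_RE = re.compile(r"\b(renew|renewal|subscription|invoice|billing)\b", re.IGNORECASE)


def score_invitation(rec: EmailRecord):
    """Return (score, reasons) for a guest-invitation email.

    Mail that is not an Entra guest invitation is out of scope and scores 0.
    Each matched indicator adds one point; the reasons list explains the score.
    """
    reasons = []
    if rec.sender.lower() != INVITE_SENDER:
        return 0, reasons
    if rec.inviting_tenant not in KNOWN_PARTNER_TENANTS:
        reasons.append("invitation from unknown tenant: " + rec.inviting_tenant)
    if "microsoft" in rec.inviting_tenant.lower():
        reasons.append("tenant name impersonates Microsoft")
    text = rec.subject + " " + rec.body
    if PHONE_RE.search(text) and CALLBACK_RE.search(text):
        reasons.append("phone-number call-to-action in invitation")
    if RENEWAL_RE.search(text):
        reasons.append("renewal/billing lure wording")
    return len(reasons), reasons


def triage(records, threshold=2):
    """Return (message_id, reasons) for records at or above the threshold."""
    hits = []
    for rec in records:
        score, reasons = score_invitation(rec)
        if score >= threshold:
            hits.append((rec.message_id, reasons))
    return hits


# Constructed sample records: one expected partner invitation, one TOAD-style
# lure, one unrelated message. Phone number and amounts are made up.
SAMPLE_RECORDS = [
    EmailRecord("msg-1", "invites@microsoft.com",
                "Contoso Ltd invited you to access applications",
                "Contoso Ltd invited you to access applications within their organization.",
                "Contoso Ltd"),
    EmailRecord("msg-2", "invites@microsoft.com",
                "Action required: your Microsoft 365 renewal",
                "Your Microsoft 365 subscription renewal of $399 has been processed. "
                "To cancel, call 1-800-555-0199 within 24 hours.",
                "Microsoft 365 Support"),
    EmailRecord("msg-3", "newsletter@example.com",
                "Weekly digest", "Here is this week's digest.", ""),
]

if __name__ == "__main__":
    for msg_id, reasons in triage(SAMPLE_RECORDS):
        print(msg_id, "->", "; ".join(reasons))
```

The rule deliberately ignores the sender address as a trust signal, since the article's point is that the address is authentic; what separates the lure from a real partner invitation is the unfamiliar tenant name and the pressure to phone a number embedded in the message.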
👉 Read the original: Cyber Security News