Office 365 isn’t immune to phishing just because Microsoft equipped it with multi-factor authentication: the recently discovered tactic can get pass it to access the cloud storage.
This phishing technique tricks the Office 365 users, disguising itself as an ordinary email supposedly leading to a file The title hints that the recipient has received a Q1 salary bonus.
If users actually click the link to open it, they will be directed to the Office 365 login page. It is the real one, but its URL will be too long, hiding the parameters which fraudulently acquire permission to access the cloud storage account. This URL transmits responses to a BelCloud domain located in Bulgaria.
The phishing scheme lets hackers obtain private mail and document saved in the Office’s cloud storage. The data they steal can be held hostage in exchange for cryptocurrency ransom and more.