...[T]he threat actor has utilized a Google Ad Services redirect to pilot users to their phish. This suggests that the threat actor(s) may have paid to have the URL go through an authorized source. In turn, this easily bypasses secure email gateways and exposes employees to the phish.

From there, the campaign led the user to a fake page that functioned as a duplicate of the official Microsoft page. This imposter page presented the visitor with a privacy policy that contained logos for both Microsoft and the user's company. It then prompted them to click an "Accept" button. Doing so sent the user to another page designed to steal their Microsoft credentials. Upon receiving the victim's details, that page showed a "We've updated our terms" dialog box before redirecting them to a legitimate Microsoft page containing the tech giant's service agreement.

The campaign discussed above highlights the need for organizations to defend themselves against phishing operations. They can do so by educating their employees about some of the most common types of phishing attacks in circulation today.
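The bypass described above works because a secure email gateway that only inspects the visible link sees a reputable ad-services host rather than the phishing page. The following added example (not code from the original post or from any vendor it mentions) shows one defensive check: unwrapping an ad-click redirect offline to reveal the real landing page and flagging links whose final host is not an expected sign-in domain. The redirector hostnames, the `adurl` parameter name and the trusted-domain list are assumptions chosen for illustration, not values taken from the campaign.

```python
from urllib.parse import urlparse, parse_qs

# Assumed ad-click redirector hosts and the query parameter carrying the
# landing-page URL. The post only says "Google Ad Services redirect";
# these names are assumptions for the example, not observed values.
REDIRECTORS = {
    "www.googleadservices.com": "adurl",
    "googleads.g.doubleclick.net": "adurl",
}

# Constructed allowlist: hosts where a genuine Microsoft sign-in lands.
TRUSTED_LOGIN_DOMAINS = {"login.microsoftonline.com", "login.live.com"}


def unwrap_redirect(url: str, max_hops: int = 5) -> str:
    """Peel known ad-click wrappers without any network access.

    Returns the first URL that is not hosted on a known redirector, or
    the last wrapper itself if it carries no target parameter.
    """
    for _ in range(max_hops):
        parsed = urlparse(url)
        param = REDIRECTORS.get(parsed.netloc.lower())
        if param is None:
            return url
        target = parse_qs(parsed.query).get(param)
        if not target:
            return url  # wrapper without a landing page: stop here
        url = target[0]  # parse_qs already percent-decodes the value
    return url


def classify_link(url: str) -> str:
    """Label a link the way a gateway rule might after unwrapping it.

    'trusted'             final host is an expected sign-in domain
    'suspicious-redirect' an ad redirector hides a non-trusted host
    'external'            plain link to some other host
    """
    final_host = urlparse(unwrap_redirect(url)).netloc.lower()
    if final_host in TRUSTED_LOGIN_DOMAINS:
        return "trusted"
    if urlparse(url).netloc.lower() in REDIRECTORS:
        return "suspicious-redirect"
    return "external"
```

A gateway that applies this unwrapping before reputation lookup evaluates the phishing host rather than the ad network that fronts it.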