Proofpoint Phish Harvests Microsoft O365, Google Logins

09 Nov 2021 OODA Analyst

A new phishing campaign impersonating Proofpoint has successfully avoided Microsoft email security. The phishers try to convince targets that the email comes from Proofpoint, a well-known cybersecurity company, in order to steal Microsoft Office 365 and Google email credentials. According to researchers at Armorblox, one such campaign targeted nearly one thousand employees of a global communications company. Some of the phishing emails claim that a secure file has been sent via Proofpoint as a link. However, clicking the link takes victims to a splash page with spoofed Proofpoint branding containing login links for different email providers.

The campaign has also included dedicated login page spoofs for Microsoft and Google. The email lure was a file purportedly linked to mortgage payments, and the message carried the subject line “Re: Payoff Request,” encouraging targets to think that it was part of an ongoing correspondence. Adding “Re” to the subject line is not a new tactic, but it can prompt a sense of urgency and make it more likely that the target will open the link and follow the email’s instructions.


