Monday, August 4, 2025

Cybercriminals Steal Microsoft 365 User Data Through Phishing Links

Cybercriminals have exploited link wrapping technology, commonly used to detect and prevent malicious links in emails, to steal login credentials from Microsoft 365 users. According to researchers from Cloudflare Email Security, the attacks leveraged security vulnerabilities in U.S.-based cybersecurity firm Proofpoint and cloud communication service provider Intermedia.

Investigation Findings

Cloudflare’s Email Security team discovered that during June and July, cybercriminals gained control of certain email accounts equipped with security features. Using these compromised accounts, they sent phishing emails containing malicious links. Clicking these links directed users through a series of redirects to a fake Microsoft 365 login page, where entered usernames and passwords were captured and sent to the attackers’ servers.

How the Attack Works

Link wrapping technology is widely used to enhance email security: it rewrites URLs in emails so that they point to a trusted domain, where the link is scanned before the user reaches the destination. However, attackers have manipulated this system. They first compromise an organization's protected email account, then use it to send malicious links with short, multi-layered redirects. Unsuspecting recipients, trusting the source, click these links and are redirected through multiple steps to a fraudulent Office 365 login page.

Common Tactics

According to researchers, attackers often disguise phishing links as fake voicemail notifications, shared Microsoft Teams documents, or invitations to view secure messages. Clicking these links leads users through several redirects to a counterfeit Office 365 login page, where their credentials are stolen.
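A defensive check for the wrapped-link redirect chain described above, added here as an example (it is not code from Cloudflare's research or from this article). It assumes the publicly documented Proofpoint URL Defense v2 link format, a redirect chain and page title already recorded by a sandbox or proxy, and host lists and a title heuristic that are illustrative; all sample URLs are constructed.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumptions: adapt both sets to the services seen in your own mail flow.
WRAPPER_HOSTS = {"urldefense.proofpoint.com"}
M365_LOGIN_HOSTS = {"login.microsoftonline.com", "login.microsoft.com", "login.live.com"}

def unwrap_v2(url):
    """Return the target inside a Proofpoint URL Defense v2 link, or None."""
    parts = urlsplit(url)
    if parts.hostname not in WRAPPER_HOSTS or parts.path != "/v2/url":
        return None
    encoded = parse_qs(parts.query).get("u", [""])[0]
    if not encoded:
        return None
    # v2 encoding: "-XX" is a hex-escaped byte and "_" stands for "/".
    return unquote(encoded.translate(str.maketrans("-_", "%/")))

def host(url):
    return (urlsplit(url).hostname or "").lower()

def assess(clicked_url, redirect_hops, final_title):
    """Judge a click by where it lands, not by the wrapper domain in the mail.

    redirect_hops and final_title are assumed to come from a detonation
    sandbox or proxy log that followed the link.
    """
    inner = unwrap_v2(clicked_url)
    chain = [inner or clicked_url, *redirect_hops]
    findings = []
    if inner:
        findings.append("wrapped-link")
    if len({host(u) for u in chain}) >= 3:
        findings.append("multi-host-redirect-chain")
    title = final_title.lower()
    claims_m365 = "sign in" in title and ("microsoft" in title or "office 365" in title)
    if claims_m365 and host(chain[-1]) not in M365_LOGIN_HOSTS:
        findings.append("m365-login-lookalike")
    return findings

# Constructed sample: wrapped link -> two further hops -> fake sign-in page.
CLICKED = "https://urldefense.proofpoint.com/v2/url?u=https-3A__short.example_a1b2&d=CONSTRUCTED"
HOPS = ["https://hop.example/r?id=1", "https://m365-signin.example/login"]

if __name__ == "__main__":
    print(unwrap_v2(CLICKED))
    print(assess(CLICKED, HOPS, "Sign in to your Microsoft account"))
```

The verdict keys on the final landing host, so a wrapped link that resolves to a genuine Microsoft sign-in host yields only the informational `wrapped-link` finding.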

