- Criminals are using link wrapping services to lure victims into clicking
- The links redirect victims to a fake Microsoft 365 landing page
- The campaign has been happening for at least two months.
Cybercriminals are abusing link wrapping services to evade email protections, craft convincing phishing emails and, ultimately, steal people's Microsoft 365 credentials. This is according to cybersecurity researchers at Cloudflare, who have been observing such campaigns in the wild for at least two months.
The Proofpoint link wrapping service, known as URL Defense, protects users by rewriting each link in incoming email so that it routes through the Proofpoint inspection gateway before reaching its real destination. When a person clicks a link in an email, it is evaluated in real time (including sandbox detonation and reputation checks) and access is granted only if the link is considered safe.
But here is the catch: the original URL is embedded within the encoded, rewritten link (usually prefixed with "urldefense.proofpoint.com"), which, as a side effect, creates a sense of security among recipients and makes them more likely to click.
Active campaign
Cybercriminals were seen creating new landing pages that mimic the Microsoft 365 login screen and, being new, are not yet flagged by security products. They would then shorten the URLs of those pages using popular URL shorteners like Bitly. The next step is to break into email accounts already protected by Proofpoint and use them to wrap the shortened URL.
The last step is to distribute the shortened and wrapped URL, often through the same email accounts that were previously compromised.
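For defenders triaging reported mail, a wrapped link can be unwrapped offline to see what it points to, and a shortener hiding behind the wrapper is a signal worth flagging. This is an added example, not code from Cloudflare or Proofpoint; it assumes the v2 form of URL Defense links (destination in the `u=` parameter, `_` for `/`, `-XX` for `%XX`), an illustrative shortener list, and constructed sample links.

```python
from urllib.parse import urlsplit, parse_qs, unquote

WRAPPER_HOST = "urldefense.proofpoint.com"
# Assumption: a short illustrative list of shortener hosts; extend for real use.
SHORTENER_HOSTS = {"bit.ly", "bitly.com", "tinyurl.com", "t.co"}

def unwrap_v2(wrapped):
    """Return the destination embedded in a URL Defense v2 link, or None."""
    parts = urlsplit(wrapped)
    if (parts.hostname or "").lower() != WRAPPER_HOST:
        return None
    if not parts.path.startswith("/v2/"):
        return None
    values = parse_qs(parts.query).get("u")
    if not values:
        return None  # wrapper host but no embedded URL: treat as not decodable
    # v2 encoding: "_" stands for "/", and "-XX" stands for the escape "%XX".
    return unquote(values[0].replace("_", "/").replace("-", "%"))

def triage(url):
    """Describe a link found in a message: is it wrapped, and what is inside?"""
    inner = unwrap_v2(url)
    if inner is None:
        return {"wrapped": False, "destination": url, "flags": []}
    host = (urlsplit(inner).hostname or "").lower()
    flags = []
    if host in SHORTENER_HOSTS:
        # The wrapper only vouches for the first hop; the shortener hides the rest.
        flags.append("shortener-behind-wrapper")
    return {"wrapped": True, "destination": inner, "host": host, "flags": flags}

# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://urldefense.proofpoint.com/v2/url?u=https-3A__bit.ly_3xAmPle&d=constructed",
    "https://urldefense.proofpoint.com/v2/url?u=https-3A__example.com_team-2Ddocs_q-5F1&d=constructed",
    "https://example.org/plain-link",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(triage(link))
```

A flag here is a prompt to resolve the shortener in a sandbox, not a verdict on the message.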
Cloudflare says it has already seen multiple attacks, with criminals sending emails about fake voicemails and fake Microsoft Teams documents. Victims who do not spot the attack go through a chain of redirects, landing on a page where their Microsoft 365 login credentials are requested.
As a general rule, links in emails should be checked carefully before clicking, especially if the emails carry a sense of urgency.