Microsoft Security researchers discovered an unusual phishing campaign that replicates the Microsoft login page, designed to look exactly like the official one, and delivers it through a 404 error page in order to steal users' login information. “The 404 Not Found page tells you that you’ve hit a broken or dead link – except when it doesn’t,” says Microsoft’s research team. The attackers included a few links to official Microsoft pages in their fake portal to make it look original.
By configuring a 404 error page instead of creating a single landing page, the phishers afforded themselves and their campaigns a significant degree of flexibility. Microsoft’s analysts noted that these fraudsters can essentially pair their domain with an infinite number of phishing landing pages. The researchers also observed attackers randomizing their domains, which further increased the number of phishing URL possibilities available to them going forward.
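Because every nonexistent path on such a domain returns the same page, blocking individual URLs does not scale, and a detection has to look at the error response itself. The following is an added example, not code from Microsoft or from the original article: it flags a 404 response that carries a password form and links to official Microsoft pages while being served from a non-Microsoft host. The brand domain list, the function names and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts the organisation treats as genuine Microsoft sign-in domains.
BRAND_DOMAINS = ("microsoft.com", "microsoftonline.com", "live.com")

class _PageFeatures(HTMLParser):
    """Collects password inputs and the hosts referenced by links, forms and assets."""
    def __init__(self):
        super().__init__()
        self.has_password_field = False
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password_field = True
        for key in ("href", "action", "src"):
            host = urlparse(a.get(key) or "").hostname
            if host:
                self.hosts.add(host.lower())

def _is_brand(host):
    # Exact match or true subdomain only, so "microsoft.com.example.test" fails.
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def is_404_phish(url, status, html):
    """True when a 404 body on a non-brand host holds a sign-in form plus brand links."""
    page_host = (urlparse(url).hostname or "").lower()
    if status != 404 or _is_brand(page_host):
        return False
    features = _PageFeatures()
    features.feed(html)
    borrows_brand_links = any(_is_brand(h) for h in features.hosts)
    return features.has_password_field and borrows_brand_links

# Constructed sample responses (not captured from the campaign).
PHISH_404 = """<html><body><form action="/post.php">
<input type="email" name="u"><input type="password" name="p"></form>
<a href="https://www.microsoft.com/">Terms of use</a></body></html>"""
PLAIN_404 = "<html><body><h1>404 Not Found</h1></body></html>"

if __name__ == "__main__":
    for name, body in (("phish", PHISH_404), ("plain", PLAIN_404)):
        print(name, is_404_phish("https://login.example.test/x9f3/qq", 404, body))
```
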
[Image: a typical fake landing page]
Preventing modern Phishing Attacks:
- Always double-check the URL before clicking.
- Have complicated passwords for all your online accounts.
- In case of doubt, enter a fake password and log in.
- Use browsers that have anti-phishing plugins by default.
- Always be leery of mysterious pop-ups asking for login credentials.
- Stay updated with the latest phishing attacks and prevention tools.
Logix is one of the leading IT companies delivering Email Security from its private cloud infrastructure, with a core competency in securing over half a million mailboxes. Logix Cloud Email Advanced Threat Protection (ATP) enables organizations to combat Advanced Malware (known and unknown malware), Spear-phishing, Domain Impersonation/Domain Spoofing, Zero-day, Whaling, Ransomware, Cryptoware and Business Email Crime (BEC) attacks with its multi-layered, multi-tiered security approach using multiple threat intelligence detection and prevention tools.