Office 365 Phishing Campaign Enables Unique Evasion Methods

NJCCIC Alert

Original Release Date: 11/19/2020

Summary

An active Office 365 credential phishing campaign was observed using several evasion methods in an attempt to bypass sandbox environments. The campaign targets enterprises with lures relevant to teleworkers, such as password updates, video teleconferencing (VTC) invitations, and helpdesk tickets. One of the evasion tactics is the use of redirector URLs, which send automated analysis attempts to legitimate sites rather than to the phishing landing page. Additionally, custom subdomains are generated for each target to use with the redirector sites; they often contain the target's username and their organization's domain name in order to appear legitimate.
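As an added example (not part of the NJCCIC alert), the per-target subdomain pattern described above can be checked statically against mail or proxy logs, without depending on what the URL serves to an automated visitor. The function names, record fields and hostnames below are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

def _tokens(value):
    # Treat "-", "_" and "." alike so "jdoe-example-com" matches "jdoe.example.com".
    for sep in "-_":
        value = value.replace(sep, ".")
    return [t for t in value.lower().split(".") if t]

def _has_run(tokens, run):
    # True when `run` occurs as a contiguous sequence of whole tokens.
    n = len(run)
    return n > 0 and any(tokens[i:i + n] == run for i in range(len(tokens) - n + 1))

def personalization_signals(url, recipient):
    """List which recipient-specific values are embedded in the URL's hostname."""
    user, _, org_domain = recipient.lower().partition("@")
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not user or not org_domain or not host:
        return []
    # A host genuinely under the recipient's own domain is expected to contain it.
    if host == org_domain or host.endswith("." + org_domain):
        return []
    host_tokens = _tokens(host)
    signals = []
    if _has_run(host_tokens, _tokens(user)):
        signals.append("username")
    if _has_run(host_tokens, _tokens(org_domain)):
        signals.append("org_domain")
    return signals

def flag_links(records):
    """Return (recipient, host) pairs whose host embeds both username and org domain."""
    return [(r["recipient"], urlsplit(r["url"]).hostname)
            for r in records
            if personalization_signals(r["url"], r["recipient"]) == ["username", "org_domain"]]

# Constructed sample records (reserved example/test domains), not real indicators.
SAMPLE = [
    {"recipient": "jdoe@example.com", "url": "https://jdoe.example.com.portal-login.test/update"},
    {"recipient": "jane.doe@example.com", "url": "https://jane-doe-example-com.helpdesk.test/ticket/42"},
    {"recipient": "jdoe@example.com", "url": "https://mail.example.com/owa"},
    {"recipient": "jdoe@example.com", "url": "https://news.vendor.test/article"},
]

if __name__ == "__main__":
    for recipient, host in flag_links(SAMPLE):
        print(f"review: {recipient} -> {host}")
```

A match is a reason to review the message, not proof of phishing; a single signal such as the username alone is returned by `personalization_signals` but not flagged by `flag_links`.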

Recommendations

The NJCCIC reminds users to avoid clicking links and opening attachments received from unknown contacts, and to exercise caution with those from known contacts. If you are unsure of an email's legitimacy, contact the sender via a separate means of communication before taking action. Additional information can be found in the Bleeping Computer article.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov
