Phishing campaigns target recipients with lure content in order to steal their personal information or credentials. Cybercriminals use such phishing emails to steal sensitive data such as passwords, PIN codes, and other financial information.
A new phishing email campaign masquerades as help desk software and tries to steal enterprise cloud credentials. This activity has been observed involving cloud services such as Microsoft Azure, Microsoft Dynamics, and IBM. The attackers tried to use the Microsoft cloud for this purpose.
According to a report by BleepingComputer, which analyzed the phishing messages, the messages share similar, professional wording and pretend to come from an IT help desk.
They called themselves servicedesk.com.
The people behind this campaign worked carefully. They sent a phishing email imitating a quarantined-mail notification, which asks recipients for help in releasing the stuck messages. This email contains the address [email protected]. The attackers made the whole thing look professional by using an intermediary domain.
To bypass email filters, the attackers used the service desk domain. They used the servicedesk.com name in both the From and Received headers to appear more credible, so that recipients have no reason to doubt them. They used IBM cloud hosting to appear authentic and trustworthy, and free SSL certificates containing these companies' names to pass as legitimate service providers.
How did these phishing messages work?
This new email phishing campaign is dangerous. When a recipient opens such a phishing email, they see a message with the most real or clean up clouds. When the user clicks on one of these options, a legitimate Microsoft Dynamics 365 URL redirects them to the IBM cloud, which is used to host the malicious phishing page.
The page then asks for a password. If the user enters a weak password, the page returns an error. If they enter a complex password, they are redirected to another fake page to confirm the settings. After completing these steps, the user is redirected to another website, “axsharma.com.” This website belongs to hackers.
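A defender can look for this redirect pattern in web-proxy logs. The sketch below is an added example, not code from the original report; the log layout, client addresses, URLs and the two domain suffixes are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumptions for illustration: first-hop suffixes a mail filter tends to trust,
# and shared cloud-hosting suffixes where any customer can publish a page.
TRUSTED_FIRST_HOP = (".dynamics.com",)
SHARED_HOSTING = (".appdomain.cloud",)

# Constructed proxy log rows: (client, requested URL, HTTP status, Location header)
PROXY_LOG = [
    ("10.0.0.5", "https://tenant.example.dynamics.com/r/abc", 302,
     "https://bucket.example.appdomain.cloud/quarantine.html"),
    ("10.0.0.5", "https://bucket.example.appdomain.cloud/quarantine.html", 200, None),
    ("10.0.0.7", "https://tenant.example.dynamics.com/r/xyz", 302,
     "https://www.example.com/newsletter"),
    ("10.0.0.7", "https://www.example.com/newsletter", 200, None),
]

def host(url):
    return (urlsplit(url).hostname or "").lower()

def on_suffix(hostname, suffixes):
    # Suffixes keep their leading dot so "evil-dynamics.com" does not match.
    return any(hostname.endswith(s) for s in suffixes)

def redirect_chains(log):
    """Rebuild per-client redirect chains from time-ordered log rows."""
    chains, pending = [], {}
    for client, url, status, location in log:
        chain = pending.get(client)
        if not chain or chain[-1] != url:   # not a continuation: start a new chain
            chain = [url]
            chains.append((client, chain))
        if 300 <= status < 400 and location:
            chain.append(location)
            pending[client] = chain
        else:
            pending.pop(client, None)
    return chains

def suspicious_redirects(log):
    """Flag chains that start on a trusted suffix and end on shared hosting."""
    hits = []
    for client, chain in redirect_chains(log):
        if (len(chain) > 1 and on_suffix(host(chain[0]), TRUSTED_FIRST_HOP)
                and on_suffix(host(chain[-1]), SHARED_HOSTING)):
            hits.append((client, chain[0], chain[-1]))
    return hits

if __name__ == "__main__":
    for hit in suspicious_redirects(PROXY_LOG):
        print("review:", *hit)
```

A hit is a reason to review the landing page, not proof of phishing, since legitimate marketing links can follow the same path.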
This new phishing email scam is extremely dangerous. Once users enter sensitive information such as enterprise cloud credentials, any cybercriminal can gain access to their sensitive data and the corporate network. After acquiring this data, the criminals can use it for their malicious purposes.