Threat actors are impersonating cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Gmail credentials.
Cybercriminals are impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Google Gmail credentials. The phishing messages use mortgage payments as a lure, they have the subject “Re: Payoff Request.”
“The email claimed to contain a secure file sent via Proofpoint as a link.” reads the post published by Armorblox. “Clicking the link took victims to a splash page that spoofed Proofpoint branding and contained login links for different email providers. The attack included dedicated login page spoofs for Microsoft and Google.”
Upon clicking the email link embedded in the message, the victims are redirected to a splash page with Proofpoint branding.
The phishing message was sent from a legitimate individual’s compromised email account. The sender’s domain (sdis34[.]fr) was a department of fire rescue in Southern France.
Clicking on the Google and Office 365 buttons led the victims to specially crafted Google and Microsoft phising pages that asked for the victim’s credentials.
The phishing pages were hosted on the “greenleafproperties[.]co[.]uk” domain, which was updated in April 2021. The URL has currently redirected to ‘cvgproperties[.]co[.]uk.’
Below are the key findings for this campaign:
- Social engineering: The email title and content aimed to induce a sense of trust and urgency in the victims – a sense of trust because the email claimed to contain a file sent by Proofpoint, and a sense of urgency because it contained information on mortgage or other home-related activities.
- Brand impersonation: The email and landing page both spoof Proofpoint. The login pages for Google Workspace and Office 365 are also replete with the branding of the respective email providers.
- Using compromised email address: The email was sent from an individual’s compromised email account belonging to a French fire rescue department.
(SecurityAffairs – hacking, phishing)
The post Experts spotted a phishing campaign impersonating security firm Proofpoint appeared first on Security Affairs.
This content was originally published here.