Microsoft Phishing Campaign

The NJCCIC recently detected a phishing campaign attempting to steal users’ credentials for various Microsoft websites. These unsolicited emails often carry subject lines claiming that someone sent the user a copy, in the format “(name) sent you a copy.” The emails contain links that, when clicked, lead the user to a phishing site hosted on Google’s AppSpot hosting platform. If the user enters their credentials into this page and hits submit, the credentials are sent to the threat actor and the user is redirected to the legitimate Microsoft website. To the user, it appears only as though their initial login failed. Threat actors often use this tactic to try to obtain user credentials for various sensitive accounts. The NJCCIC advises users to avoid clicking on links in unsolicited emails and, instead, to manually type the account URL in the browser’s address bar to navigate to the site. Additionally, it is highly recommended to enable multi-factor authentication where available to reduce the risk of account compromise via credential theft.
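
The two indicators described above (the “(name) sent you a copy” subject format and a link to an AppSpot-hosted page) can be combined into a mail triage check. The following is an added example, not NJCCIC code: the function names are hypothetical, the sample messages are constructed, and it assumes AppSpot-hosted pages are served under the `appspot.com` domain.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Subject format quoted in the advisory: "(name) sent you a copy".
SUBJECT_RE = re.compile(r"\S\s+sent you a copy\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# Assumption: apps on Google's AppSpot platform are served under appspot.com.
HOSTING_SUFFIX = "appspot.com"

# Constructed sample messages, not taken from the campaign.
SAMPLE_PHISH = (
    "Subject: Jane Doe sent you a copy\n"
    "Content-Type: text/html\n\n"
    '<a href="https://placeholder-app.appspot.com/login">View</a>\n'
)
SAMPLE_LOOKALIKE = (
    "Subject: Jane Doe sent you a copy\n\n"
    "See https://appspot.com.example.net/a and https://notappspot.com/b\n"
)


def link_hosts(msg):
    """Collect lower-cased hostnames linked from text/plain and text/html parts."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for url in URL_RE.findall(part.get_content()):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
                continue
            if host:
                hosts.add(host.lower().rstrip("."))
    return hosts


def matches_campaign(raw_email):
    """Return (flagged, appspot_hosts) for one raw message string."""
    msg = message_from_string(raw_email, policy=policy.default)
    subject_hit = bool(SUBJECT_RE.search(str(msg.get("Subject", ""))))
    # Match on a dot boundary so look-alike hosts do not count.
    hosts = sorted(h for h in link_hosts(msg)
                   if h == HOSTING_SUFFIX or h.endswith("." + HOSTING_SUFFIX))
    return subject_hit and bool(hosts), hosts
```

A message is flagged only when both indicators are present, since AppSpot also hosts legitimate applications; the returned host list is still available for review when the subject does not match.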