Rewterz

Rewterz Threat Alert – Microsoft Office 365 Admins Targeted by Ongoing Phishing Campaign

November 18, 2019
Rewterz

Rewterz Threat Alert – Iranian APT Uses Job Scams to Lure Targets

November 18, 2019

Rewterz Threat Alert – Phishing Campaign Threatens an Automatic Password Change

Severity

Medium

Analysis Summary

A silly phishing campaign is underway where the attackers state that the target’s password will expire and be changed unless they login and confirm that they want to keep it the same. The phishing email states that the users need to click on the “Keep same password” button or their password will expire. Given below is the email body.

Phishing Email

Once the target clicks on the “Keep same password” link they will be brought to a page asking them to login to their mail server.

Phishing landing page

When the user enter their login credentials, the attackers will now have their login credentials and will be able to access the email account.

Impact

  • Credential Theft
  • Unauthorized Access

Remediation

  • Do not respond to emails coming from untrusted sources.
  • Do not enter credentials on any sites you’re redirected to, through untrusted URLs.
  • Implement employee awareness programs against phishing attacks.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.