This devious phishing campaign uses Indeed.com job searches to target Microsoft 365 accounts

You won’t know you’ve fallen for this scam till your account is gone

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Imagine yourself as an executive casually browsing the state of the job market on Indeed, and you receive an email for a job listing that looks particularly interesting.

The email looks like it’s from Indeed and there is agenuine Indeed link- nothing out of the ordinary in terms of emails you receive. You click on it. You’re routed through to theMicrosoft365 login page, you log in as normal, and you’re passed through to what looks like the website.

After lunch, you try to log in to your Microsoft 365 account so you can resume working on that very important document, but your password is incorrect. Strange. You definitely typed it in correctly, so you try again. Nothing.

Your account is gone

This latestphishing scam, uncovered by researchers at Menlo Security, is aimed at US executives in a wide range of industries from software to real estate.

This particular campaign can bypass the multi-factor authentication on Microsoft 365 account by stealing session cookies from a phishing site designed to look like the regular Microsoft login page.

EvilProxyis the platform used in this scam which essentially acts as a shifty middle man between the user and the genuine website. You may be wondering how a link from a legitimate Indeed email could set you up for phishing, and that’s why this campaign sees a higher rate of success. The link has a weakness in it, known as an open redirect, which allows scammers to redirect you to their dodgy website through a legitimate looking link.

The real beauty of this scam is the use of legitimate Indeed links. As they are widely recognized as a reputable source they can often bypass spam filters and other security measures. Even as cybersecurity measures improve, hackers are getting more creative with the ways they aresmuggling phishing emailsthrough defenses.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Dangerous Android banking malware looks to trick victims with fake money transfers

Sophos Firewall hack on government network used an all-new custom malware

I’m canceling Prime Video for Apple TV Plus this month – here are 5 reasons why