Hackers spoof new Azure AD and Microsoft 365 sign-in pages

Nefarious hackers waste no time spoofing new sign-in pages

Microsoft has discovered that hackers have been hard at work revamping their phishing campaigns to use the new Azure AD and Microsoft 365 sign-in pages. 

According to a tweet from the company: “Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns. We have so far seen several dozens of phishing sites used in these campaigns.”

The Azure AD sign-in experience underwent a redesign about three months ago, but the new sign-in pages didn’t roll out until the first week of April.

Microsoft intended the redesign to reduce bandwidth requirements when loading Azure AD sign-in pages. The new design also made it easier for potential victims to determine when an attacker with outdated phishing tools targeted them. Now, it appears hackers have updated their tools to include updated sign-in pages.

With their spoofed paged now up to date, hackers are back to their old tricks. By sending out emails with the subject line “Business Document Received,” hackers have tricked unsuspecting users into opening fake PDFs. For some recipients, opening these malicious PDFs leads them to the new Azure AD or Microsoft 365 sign-in pages.

Microsoft’s Security Intelligence team said of the spoofed pages: “Microsoft Threat Protection provides comprehensive protection against these threats. Office 365 ATP catches ever-changing threats by exposing and detecting malicious behavior using detonation and machine learning. Microsoft Defender ATP blocks malicious documents on endpoints.”

Microsoft has addressed the spoofed pages, but Azure AD and Microsoft 365 aren’t the only Microsoft products malicious actors have targeted. Just a few weeks ago, a series of phishing attacks used images from automated Microsoft Teams notifications to steal Office 365 credentials from unsuspecting users. The company’s Sway service was also recently impacted by a highly targeted spear-phishing campaign that’s since been dubbed PerSwaysion.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Gmail vs Outlook.com: Which one is better?
email providers

Gmail vs Outlook.com: Which one is better?

22 Jan 2021
Microsoft Surface Duo review: Progress is a double-edged sword
Mobile Phones

Microsoft Surface Duo review: Progress is a double-edged sword

20 Jan 2021
Microsoft unveils its new retail-focused cloud service
Cloud

Microsoft unveils its new retail-focused cloud service

14 Jan 2021
Microsoft more than doubles file size limit for SharePoint, Teams, and OneDrive
Microsoft Office

Microsoft more than doubles file size limit for SharePoint, Teams, and OneDrive

14 Jan 2021

Most Popular

How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021