Warning! Microsoft unearths phishing attack that mimics big brands. How to stay safe1 min read . Updated: 23 Sep 2021, 12:29 PM IST
- An investigation led Microsoft to a large-scale phishing-as-a-service operation called BulletProofLink
Listen to this article
Microsoft has conducted extensive research on phishing attacks. The tech giant has unearthed a surprisingly systematic way of how malicious actors are using sub-domains to bluff users. The software giant came across a campaign that used a high volume of newly created and unique subdomains—over 300,000 in a single run.
The investigation led the company to a large-scale phishing-as-a-service operation called BulletProofLink, which sells phishing kits, email templates, hosting, and automated services at a relatively low cost.
The service comes with over 100 phishing templates that mimic known brands and services. The research further claims that the BulletProofLink operation is responsible for many of the phishing campaigns that impact enterprises today.
Microsoft, in a blog, stated that BulletProofLink (also referred to as BulletProftLink or Anthrax by its operators in various websites, ads, and other promotional materials) is used by multiple attacker groups in either one-off or monthly subscription-based business models, creating a steady revenue stream for its operators.
The company claims that the knowledge they gained during the investigation ensures that Microsoft Defender for Office 365 protects customers from the campaigns that the BulletProofLink operation enables.
BulletProofLink operators offer over 100 templates and operate with a highly flexible business model. This business model allows customers to buy the pages and “ship" the emails themselves and control the entire flow of password collection by registering their own landing pages or make full use of the service by using the BulletProofLink’s hosted links as the final site where potential victims key in their credentials.
The templates are designed to evade detection while successfully phishing for credentials, but may vary based on the individual purchasing party.
How to deal with phishing threats?
According to the Microsoft blog, in order to build resilience against phishing attacks in general, organizations can use anti-phishing policies to enable mailbox intelligence settings, as well as configure impersonation protection settings for specific messages and sender domains. Enabling SafeLinks ensures real-time protection by scanning at time of delivery and at time of click.
Microsoft strongly recommends enabling multifactor authentication and blocking sign-in attempts from legacy authentication.
Additionally, the Windows operating system provides tools in Microsoft Defender for Office 365 to deal with phishing attacks .
Never miss a story! Stay connected and informed with Mint. Download our App Now!!