Detecting the new phishing technique
The new strategy involves inverting the colors of the background image so that the page still looks like the original, although it contains a fake login form.
The purpose is to avoid being spotted as malicious and to bypass detection engines. Additionally, the technique supposedly doesn't make users suspicious, so they don't avoid entering their credentials.
To make the attempt look even more legitimate, the phishing kit uses a little trick: the attackers store the color-inverted image, then modify the CSS in the index.php code to force the colors to revert to their original state.
As a result, visitors get the fake page, while the detection engines receive the original one and most likely won't notice the scam.
What’s more, according to the source:
[…] The inverted image was discovered within a deployed Office 365 credential phishing kit. Our team reviewed other campaigns deployed by this threat actor, discovering that the individual was using the same inversion technique on the newer Office365 background.
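A static check for the trick described above, added here as an example and not taken from the original article or its source: it flags CSS rules and inline styles that both load a background image and invert its colors. It assumes the revert is done with the standard CSS `filter: invert()` function, which the article does not name; the sample markup, class names and file names are constructed.

```python
import re

# Constructed samples (class and file names are made up for illustration).
SUSPICIOUS = """<style>
.bg { background-image: url("images/inv-bg.jpg"); -webkit-filter: invert(100%); filter: invert(100%); }
.logo { filter: invert(0.1); }
</style><div class="bg"></div>"""
BENIGN = """<style>
.bg { background-image: url("images/bg.jpg"); }
.icon { filter: invert(1); }
</style><div style="color: red"></div>"""

STYLE_RE = re.compile(r"<style[^>]*>(.*?)</style>", re.I | re.S)
RULE_RE = re.compile(r"([^{}]+)\{([^{}]*)\}")  # selector { declarations }
INLINE_RE = re.compile(r"style\s*=\s*([\"'])(.*?)\1", re.I | re.S)
# Assumption: the kit flips colors with the CSS filter property's invert() function.
INVERT_RE = re.compile(
    r"(?:^|[;\s])(?:-webkit-)?filter\s*:[^;]*?invert\(\s*(\d*\.?\d+)?\s*(%?)\s*\)", re.I)
BG_URL_RE = re.compile(r"background(?:-image)?\s*:[^;]*url\(", re.I)


def invert_amount(declarations):
    """Return the strongest invert() amount (0.0 to 1.0) in a declaration block, or None."""
    amounts = []
    for value, pct in INVERT_RE.findall(declarations):
        if not value:
            amounts.append(1.0)  # invert() without an argument is a full inversion
        else:
            amounts.append(min(float(value) / (100 if pct else 1), 1.0))
    return max(amounts) if amounts else None


def find_inverted_backgrounds(html, threshold=0.5):
    """List (selector, amount) for rules or inline styles that load a background
    image by URL and also invert it by at least `threshold`."""
    blocks = []
    for css in STYLE_RE.findall(html):
        blocks += [(sel.strip(), body) for sel, body in RULE_RE.findall(css)]
    blocks += [("<inline style>", m.group(2)) for m in INLINE_RE.finditer(html)]
    findings = []
    for selector, body in blocks:
        amount = invert_amount(body)
        if amount is not None and amount >= threshold and BG_URL_RE.search(body):
            findings.append((selector, amount))
    return findings


if __name__ == "__main__":
    print(find_inverted_backgrounds(SUSPICIOUS))
    print(find_inverted_backgrounds(BENIGN))
```

The check only sees CSS embedded in the page and only pairs an image with a filter inside the same rule or style attribute, so linked stylesheets and split rules need to be fetched and merged first. A hit is a signal to render the page and compare the result against the legitimate login background, not a verdict on its own.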
It’s always a good idea to stay on the watch for these scams to avoid falling into the trap.
Just a few months ago, a similar phishing attack went for the secure email gateways, trying to lure Office 365 users into accepting a new Terms of Use and Privacy Policy.
While it’s hard for the regular user to spot fake log-in pages, staying away from unsolicited links and forms might save you from further trouble.
Also, using a powerful antivirus with a proven detection rate against phishing attacks, such as Bitdefender, will add to your safety while surfing the Internet.
This post was written by Sinziana Mihalache and was first posted to WindowsReport