Skip to content

At The Identity Organisation, we're here to help!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038

    New “Greatness” Phishing-as-a-Service Tool Aids in Attacks Against Microsoft 365 Customers

    This new phishing toolkit is rising in popularity for its effective realism in impersonating not just Microsoft 365, but the victim organization as well.

    Security researchers at Cisco Talos have identified a new Microsoft 365 toolkit that actually creates a realistic login experience for the victim user, making it more dangerous to organizations.

    The convincing impersonated login pages include:

    • Microsoft 365 branding and look-alike login page content
    • The victim’s email address pre-filled
    • The victim organization’s logo and background image (extracted from their real Microsoft 365 login page)

    According to Cisco Talos, the target victim organizations were almost exclusively in the U.S., U.K., Australia, South Africa, and Canada, with the most commonly targeted sectors being manufacturing, healthcare and technology.


    Source: Cisco Talos

    The attack actually does more than simply present the victim with a login page or ask them to enable macros. This sophisticated toolkit grabs a blurred image of an Excel spreadsheet with a superimposed box hosting a Microsoft 365 logo and a spinning wheel (as if to convey the document is trying to load). The victim is then presented with a Microsoft 365 login page already sitting at the “enter your password” stage:

    4-20-23 Image

    Source: Cisco Talos

    Upon password entry, the toolkit attempts a login, and should multi-factor authentication (MFA) be enabled, performs a passthrough MFA attack, where the toolkit says **it is** sending the victim a code to their phone (when, in fact, Microsoft 365 is doing it). Once the code is entered into the toolkit, the code is passed through to perform the legitimate logon, giving attackers access to the Microsoft 365 account.

    If there was ever a need for security awareness training to teach users to be mindful when interacting with unexpected inbound email that involves even the most believable user experience, this attack makes it clear that the time is now.

    Free Phishing Security Test

    Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

    Here’s how it works:

    • Immediately start your test for up to 100 users (no need to talk to anyone)
    • Select from 20+ languages and customize the phishing test template based on your environment
    • Choose the landing page your users see after they click
    • Show users which red flags they missed, or a 404 page
    • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
    • See how your organization compares to others in your industry

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser:

    Sign Up to the TIO Intel Alerts!

    Back To Top