Emerging Threats to Microsoft 365 Accounts
Cybercriminals have discovered a novel method for stealing Microsoft 365 accounts using Google Apps Script, as reported by TechRadar. This cloud platform, designed for task automation in Google services, has become a tool for phishing attacks.
The attackers send emails to victims that include fake invoices from Google. The links in these emails point to script[.]google[.]com, creating an illusion of legitimacy. When the victim clicks on it, a false loading message appears. The click redirects the user to a counterfeit Microsoft 365 login page that closely resembles the real one. The entered credentials are captured directly by the hackers.
To better cover their tracks, the fraudsters configure the page to redirect the victim to the legitimate Microsoft 365 site as soon as the login credentials are entered.
Cybersecurity experts from Cofense have identified this scheme and are warning about its dangers. They advise users not to open suspicious emails, especially those containing unexpected invoices from Google. It is also crucial to verify email addresses and websites to avoid falling victim to fraud.
