A brief overview
Researchers from MalwareHunterTeam have observed a new Microsoft account phishing scam, wherein the phishing page uses the SmtpJS service to send the stolen credentials to the scammer via an email.
The methodology that benefits the researchers
This technique benefits security researchers and analysts as they can view the source for the landing page to see the configuration being used by SmtpJS.
Using this config information, analysts and researchers can easily track the scammer behind the campaign.
Recommendations
System administrators can also benefit from this methodology by blocking the SMtpJS service on their web filters. It is best to block access to the SmtpJS service and phishing pages that use the service to stay protected against such scams.
Publisher