Go to listing page

Phishing Campaign Bypasses SEG to Target Office365 Users

Phishing Campaign Bypasses SEG to Target Office365 Users
Several attackers have been continuously observed using innovative techniques with phishing attacks to bypass normal standard security applications. Recently, a new campaign has been observed leveraging a combination of several tricks to bypass the Secure Email Gateways (SEG) protection.

What has been discovered?

According to a report from Cofense, the phishing campaign aims to harvest Office365 credentials, masquerading as an Outlook Security update email from the IT Security department, which could bypass the SEG layer.
  • In the emails, the threat actor has spoofed both the sender and company names. Such use of personalized subject line and sender information increases the probability of the targeted users opening the attached PDF.  
  • The PDF carries links that would direct the victims to a website, which would ask either to download malware onto the victim’s machine or the user to enter credentials.
  • To make the document look more legitimate, the attackers used the logos of Microsoft and the recipient’s company and included details, such as release date.
  • In addition, it uses a reference of Google Ads service that redirects the users to another domain hxxp://ekavolunteers[.]org, and further to another domain pretending to be Microsoft’s privacy policy page, designed to harvest credentials.

Recent phishing attacks on Office 365

Several attackers have been continuously attempting to lure Office 365 service users via various phishing campaigns.
  • A few weeks ago, a phishing campaign was observed pretending to be Zix's online email authentication solution, that was targeting Office365 users to steal their credentials. It managed to reach 5,000 to 10,000 mailboxes.
  • Around the same time, the U.S. Agency for Global Media (USAGM) disclosed a data breach after falling victim to a phishing attack in December 2020. The attack allowed a threat actor to access the personal information of several partners, stored in the email accounts.


In this campaign, attackers are using several tricks to fool the automated security systems and gain entry inside organizational networks. There is a dire need for a continuously evolving security strategy which also highlights the importance of having multiple layers of security for robust protection.

Cyware Publisher