New phishing attack tries to steal Office 365 credentials via Box

Researchers at cloud security platform Armorblox have uncovered a phishing attack that seeks to steal Office 365 login credentials. So far, so predictable. The clever twist here though is that the initial page victims are taken to via the email link is hosted on cloud file sharing service Box, followed by a credential phishing page that resembles the Office 365 login portal. The sender name and domain used belong to a legitimate company and this together with the use of Box helps the attack to evade detection and get through to people's inboxes. The emails are also constructed to encourage… [Continue Reading]