A phishing campaign that uses legitimate organizations’ Office 365 infrastructure to send emails has emerged onto the cyberscam scene.
According to Michael Tyler at PhishLabs, cybercriminals are looking to compromise Microsoft Office 365 administrator accounts to send out phishing lures – thus ensuring the emails come from legitimate, validated domains.
“This is beneficial for attackers because many email filtering solutions leverage the reputation of a sender domain as a major component of determining whether to block an email,” he explained, in a recent posting on the campaign.