Cybercriminals are impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Google Gmail credentials. The phishing messages use mortgage payments as a lure, they have the subject “Re: Payoff Request.”
“The email claimed to contain a secure file sent via Proofpoint as a link.” reads the post published by Armorblox. “Clicking the link took victims to a splash page that spoofed Proofpoint branding and contained login links for different email providers. The attack included dedicated login page spoofs for Microsoft and Google.”
Upon clicking the email link embedded in the message, the victims are redirected to a splash page with Proofpoint branding.
The phishing message was sent from a legitimate individual’s compromised email account. The sender’s domain (sdis34[.]fr) was a department of fire rescue in Southern France.
Clicking on the Google and Office 365 buttons led the victims to specially crafted Google and Microsoft phising pages that asked for the victim’s credentials.
The phishing pages were hosted on the “greenleafproperties[.]co[.]uk” domain, which was updated in April 2021. The URL has currently redirected to ‘cvgproperties[.]co[.]uk.’
Below are the key findings for this campaign:
(SecurityAffairs – hacking, phishing)