There is a new phishing campaign going around, which leverages high-profile cloud services from Microsoft and IBM to feign legitimacy.
As recently reported by Bleeping Computer, the phishing campaign targets corporate employees, who receive an email warning that their inbox is full. Unless the issue is resolved, claims the fraudulent message, important emails could be lost.
The email contains two buttons: “RELEASE MESSAGES” and “CLEAN-UP CLOUD”. Both redirect the user to a legitimate Microsoft Dynamics 365 URL, but then to a phony landing page where victims are tricked into providing their login credentials.
The phishing landing page even has a “security” measure of its own. If the password entered does not match IBM Cloud’s password criteria (for example, it’s too short or doesn’t have both letters and symbols), it will return a “wrong password” error.
Once the victim types in a password that fits the criteria, they will be redirected to another fake page that appears to confirm the settings update, hosted on Microsoft Azure domain windows.net.
By using reputable services from big name brands, the cybercriminals responsible lend the scam an air of legitimacy, meaning victims are far more likely to give up their data.
The fact that domains hosted on both Azure and IBM Cloud receive SSL certificates by default only adds to the effect.