Researchers warn of a new, large-scale phishing campaign targeting users of Microsoft Outlook email services.
ThreatLabz’s team discovered the new phishing kit and said it uses an adversary-in-the-middle (AiTM) model, which can be effective for evading detection by email and network security protections, as well as circumventing multi-factor authentication protections.
ThreatLabz researchers said they discovered several newly registered domains used in the active phishing campaign.
“The campaign is specifically designed to target end-users in companies using Microsoft’s email services,” according to the ThreatLabz report on the new phishing campaign. “Business Email Compromise (BEC) remains an ever-present threat to organizations, and this campaign reiterates the need to protect against such attacks.”