Microsoft reveals attacks based on phishing-as-a-service operation: Here’s how to stay safe
Microsofthas revealed an investigation of a large-scale phishing-as-a-service operation.
- These service providers enable attacks on users by selling
phishing kitsto its customers.
- Microsoft recommends some practices to
counter phishing attacks.
AdvertisementIn a recent revelation, Microsoft unearthed a large-scale phishing-as-a-service operation called BulletProofLink or Anthrax. As per the company, the service provider sells phishing kits, email templates and other services to enable attacks on users via email and brand-impersonating websites.
In a blog post by Microsoft 365 Defender Threat Intelligence Team, the company explains how phishing attacks are enabled by phishing-as-a-service operators, their infrastructure and the economy of such scams. Their customers are scammers and attackers who use these services in either one-off or monthly subscription-based business models
Like any service provider, phishing operators who work with interchangeable aliases like Anthrax, BulletProftLink offers its customers ready-to-use phishing kits for single payment. It also offers a host of services like a software-based service provider like template creation, website creation and hosting, and overall organisation of the phishing scam.
Many of these service providers offer their customers fully undetectable links that claim to remain viable until the users click on it. The templates that are sold avoid detection while phishing for credentials, such as login passwords.
Microsoft claims that Defender for Office 365 protects its customers from phishing attacks such as those enabled by BulletProofLink.
How to counter phishing attacks:
- Enable multi factor authentication and blocking sign-in attempts from legacy authentication.
- Use anti-phishing policies to enable mailbox intelligence settings.
- Configure impersonation protection settings for specific messages and sender domains.
- Enable SafeLink in Defender for Office 365 to ensure real-time protection by scanning at the time of delivery and at the time of click.
Realme Narzo 50 to Samsung Galaxy M52 5G — phones launching in India this month
You can now record apps that are spying on you using iOS 15
Here’s how to create more space in Google Drive
Popular on BI
- Bengaluru cafe blast: Karnataka CM Siddaramaiah to chair meeting with top police officials today
- India retains full policy space for benefit of farmers, fishermen at WTO: Goyal
- Sensex, Nifty settle at new closing high levels in first part of special live trading session
- Passive Income Streams
- Gas stoves create more nanoparticle pollution than a busy street with diesel and gas cars, study finds