Microsoft has revealed an investigation of a large-scale phishing-as-a-service operation.- These service providers enable attacks on users by selling
phishing kits to its customers. - Microsoft recommends some practices to
counter phishing attacks .
In a blog post by Microsoft 365 Defender Threat Intelligence Team, the company explains how
Like any service provider, phishing operators who work with interchangeable aliases like Anthrax, BulletProftLink offers its customers ready-to-use phishing kits for single payment. It also offers a host of services like a software-based service provider like template creation, website creation and hosting, and overall organisation of the phishing scam.
Many of these service providers offer their customers fully undetectable links that claim to remain viable until the users click on it. The templates that are sold avoid detection while phishing for credentials, such as login passwords.
Microsoft claims that Defender for Office 365 protects its customers from phishing attacks such as those enabled by BulletProofLink.
How to counter phishing attacks:
- Enable multi factor authentication and blocking sign-in attempts from legacy authentication.
- Use anti-phishing policies to enable mailbox intelligence settings.
- Configure impersonation protection settings for specific messages and sender domains.
- Enable SafeLink in Defender for Office 365 to ensure real-time protection by scanning at the time of delivery and at the time of click.
Realme Narzo 50 to Samsung Galaxy M52 5G — phones launching in India this month
You can now record apps that are spying on you using iOS 15
Here’s how to create more space in Google Drive