Microsoft reveals attacks based on phishing-as-a-service operation: Here’s how to stay safe

Advertisement
Microsoft reveals attacks based on phishing-as-a-service operation: Here’s how to stay safe
Unsplash
  • Microsoft has revealed an investigation of a large-scale phishing-as-a-service operation.
  • These service providers enable attacks on users by selling phishing kits to its customers.
  • Microsoft recommends some practices to counter phishing attacks.
In a recent revelation, Microsoft unearthed a large-scale phishing-as-a-service operation called BulletProofLink or Anthrax. As per the company, the service provider sells phishing kits, email templates and other services to enable attacks on users via email and brand-impersonating websites.

In a blog post by Microsoft 365 Defender Threat Intelligence Team, the company explains how phishing attacks are enabled by phishing-as-a-service operators, their infrastructure and the economy of such scams. Their customers are scammers and attackers who use these services in either one-off or monthly subscription-based business models

Like any service provider, phishing operators who work with interchangeable aliases like Anthrax, BulletProftLink offers its customers ready-to-use phishing kits for single payment. It also offers a host of services like a software-based service provider like template creation, website creation and hosting, and overall organisation of the phishing scam.

Advertisement

Many of these service providers offer their customers fully undetectable links that claim to remain viable until the users click on it. The templates that are sold avoid detection while phishing for credentials, such as login passwords.

Microsoft claims that Defender for Office 365 protects its customers from phishing attacks such as those enabled by BulletProofLink.

How to counter phishing attacks:
  • Enable multi factor authentication and blocking sign-in attempts from legacy authentication.
  • Use anti-phishing policies to enable mailbox intelligence settings.
  • Configure impersonation protection settings for specific messages and sender domains.
  • Enable SafeLink in Defender for Office 365 to ensure real-time protection by scanning at the time of delivery and at the time of click.
SEE ALSO
Advertisement
Realme Narzo 50 to Samsung Galaxy M52 5G — phones launching in India this month
You can now record apps that are spying on you using iOS 15
Here’s how to create more space in Google Drive
{{}}