The new attacks are part of an ongoing phishing operation, dubbed the “Compact” Campaign, which has been active since early 2020. The campaign, which has already stolen an estimated 400,000 OWA and Office 365 credentials has now begun abusing new legitimate services in an effort to bypass secure email gateways (SEGs). As a result, Microsoft security experts have issues a warning: “Phishers continue to find success in using compromised accounts on email marketing services to send malicious emails from legitimate IP ranges and domains. They take advantage of configuration settings that ensure delivery of emails even when the email solution detects phishing.”
Attackers are camouflaging their emails as notifications from legitimate video conferencing services, various security solutions and productivity tools to increase the chances of their emails ending up in the victims’ main inbox. Inevitably, victims are more likely to click on links that seemingly come from their trusted domains.