Microsoft 365 login pages may hide phishing attack

New Microsoft 365 login pages already being used for phishing scams, company says

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas warned that hackers are already including the company’s latest software updates and releases into online scams.

The company says it has detected a number of phishing campaigns that utilise updated branding from the new versions ofMicrosoft 365and the company’s Azure cloud platform.

These scams are being used to try and trick victims into giving away their personal or login details to the services, which can then be either sold on by the criminals, or used to gain access to potentially lucrative business networks.

Microsoft phishing

“Office 365 ATP data shows that attackers have started to spoof the new Azure AD sign-in page in multiple phishing campaigns,” Microsoft said ina tweet. “We have so far seen several dozens of phishing sites used in these campaigns.”

Microsoft 365saw a major overhaul back in March aimed at making the service a lot more personal for users.

The upgrade included re-branding existing consumer-facing Office 365 subscriptions under the Microsoft 365 umbrella, with new Personal and Family plans launching in April.

Popular Microsoft 365 software offerings including Excel, Outlook PowerPoint and Teams were given a significant number of new tools and updates, with users also promised even more new additions coming soon.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Microsoft also began rolling out a new sign-in process forAzure ADin April aimed at reducing the amount of bandwidth needed to access the service. The cloud computing platform has seen huge spike in usage due to the global lockdown and the shift to remote working environment due to the coronavirus pandemic outbreak.

Due to the sheer size of its customer base, Microsoft is often a popular choice for phishing campaigns, with users a regular target for hackers.

Most recently, security researchers uncovered a phishing scam utilising fake email alerts that spoofMicrosoft Teamsfile share and audio chat notifications, with as many as 50,000 emails detected.

ViaBleepingComputer

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Lego will let you build Sir Ernest Shackleton’s iconic lost ship, the Endurance, in its next Icons set