Microsoft has warned Office365 customers of a widespread credential phishing campaign using open redirector links.

Redirector links are used to usually make one website be available with multiple addresses, the main address (EG “”) could also be accessed using a redirect link (EG “”) meaning if you clicked on the redirect link, it would send you to the primary address. These are used mainly if a website moves address and doesn’t want to lose traffic, they will set up their old address to be a redirect to the new address.

Attackers use these links alongside social engineering techniques in emails. The links redirect victims to a legitimate Google reCAPTCHA (The “I am not a robot” tests) page leading to a fake login page where credentials are then stolen.
In these attacks, attackers are using social engineering combined with a typical phishing email claiming to be the Office 365 sign-in page, accompanied by a Google Captcha to make it seem more legitimate.

These phishing campaigns aim to steal people’s Office 365 credentials and will often result in your emails being compromised. Attackers often create a rule that marks all emails received after the breach occurs as read and moves them into the junk folder. Meaning you won’t see any of the new emails that you receive. The purpose of the rule is to stop any automatic replies and bounce backs being seen by the user, while their compromised mailbox sends hundreds of malicious emails out to a list of stolen email addresses, gaining as much information as possible to either sell on the black market or to use it in identity fraud.

These types of attacks are the norm of modern criminal campaigns, with 3 billion phishing emails being sent daily and only requiring a few responses to make it a profitable business.

The main thing you can do to stop these attacks from affecting you is to educate yourself and others on the trends that phishing emails follow; poor grammar, spelling mistakes, a sense of urgency, and demands of funds when not logically needed, to name a few, education and knowing how to spot suspicious activity is one of the key parts in improving your resilience to attacks and a part that people often overlook.

Do you want to help protect your business from the growing threat of cybercrime? Provide your team with the education they need to help
protect your business from cyber-attacks like this one by clicking here