Security researchers from Microsoft have uncovered a large-scale phishing campaign that uses HTTPS proxying techniques to hijack Office 365 accounts. The attack is capable of bypassing multi-factor authentication (MFA) and has targeted over 10,000 organizations since September 2021.
The goal of the campaign seems to be business email compromise (BEC), a type of attack where an employee’s email account is used to trick other employees of the same organization or external business partners into initiating fraudulent money transfers. According to the FBI’s Internet Crime Complaint Center (IC3), BEC attacks led to over $43 billion in losses between June 2016 and December 2021.