Phishing attacks are going after corporate Office 365 users, using a trick that bypasses email filters and the service’s default security protections.
The attacker sends fake emails crafted so that the recipient sees one URL in the link, the anti-phishing filter evaluates a second one, and the link actually leads to a third: the phishing URL.
The attackers take advantage of how Office 365’s anti-phishing and URL-reputation security layers translate Punycode, a method for encoding domain names that contain Unicode characters.
“Punycode is a method added to the Domain Name System (DNS) in order to support non-ASCII characters within a web URL,” Avanan Chief Executive Gil Friedrich said in a blog post.
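As an added illustration, not code from the article or from Avanan, the check below shows the defender-side counterpart to the mismatch described above: a link’s display host and its real target host are both canonicalized to their Unicode and Punycode (`xn--`) forms before comparison, so the filter and the user are judged against the same hostname, and labels that mix scripts (for example Cyrillic letters inside an otherwise Latin name) are flagged. The function names and the sample links are assumptions constructed for this example.

```python
"""Canonicalize e-mail link hosts across Unicode and Punycode (xn--) forms.

Assumption: anchor text and href have already been extracted from the
message; the stdlib 'idna' codec (IDNA 2003) does the conversions.
"""
from __future__ import annotations

import unicodedata
from urllib.parse import urlsplit


def canonical_host(url: str) -> tuple[str, str]:
    """Return (unicode_host, ascii_host) for a URL's hostname, so that
    'bücher.de' and 'xn--bcher-kva.de' compare as the same host."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if host.isascii():
        # decode expands any 'xn--' labels; plain ASCII labels pass through
        unicode_host = host.encode("ascii").decode("idna")
    else:
        unicode_host = host
    ascii_host = unicode_host.encode("idna").decode("ascii")
    return unicode_host, ascii_host


def scripts_in_label(label: str) -> set[str]:
    """Scripts used by the letters of one DNS label (LATIN, CYRILLIC, ...),
    taken from the first word of each character's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch.isalpha()}


def assess_link(display_text: str, href: str) -> list[str]:
    """Return findings for one link; an empty list means nothing suspicious."""
    findings: list[str] = []
    real_u, real_a = canonical_host(href)
    # Only compare when the visible text itself looks like a hostname/URL.
    if "." in display_text and not any(c.isspace() for c in display_text):
        shown = display_text if "://" in display_text else "http://" + display_text
        _, shown_a = canonical_host(shown)
        if shown_a and shown_a != real_a:
            findings.append(f"display host {shown_a!r} != target host {real_a!r}")
    if real_a != real_u:
        findings.append(f"target uses Punycode: {real_a} -> {real_u}")
    for label in real_u.split("."):
        scripts = scripts_in_label(label)
        if len(scripts) > 1:
            findings.append(f"mixed scripts {sorted(scripts)} in label {label!r}")
    return findings


if __name__ == "__main__":
    # Constructed sample: Latin 'login' with a Cyrillic 'о' (U+043E) swapped in.
    print(assess_link("login.example.com", "https://l\u043egin.example.com/"))
```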
This Office 365 phishing attack aims exclusively at Office 365 business users.
The phishing form explicitly asks for credentials for the victims’ business email account, and most of the fake emails that lead to these phishing sites have been found within corporations that use Office 365 for their corporate email.