Microsoft recently warned its users of a peculiar phishing attack. Hackers are running a phishing campaign in which they bluff users with custom 404 pages. This campaign is very effective because hackers can easily create an unlimited number of phishing web pages. The attack was discovered by security researchers who were analyzing phishing emails, after which Microsoft Security Intelligence tweeted the details of the phishing campaign.

What are These Phishing Emails?

The phishing emails land you on web pages that look like a legitimate Microsoft sign-in prompt. However, these are phishing sites, and many users accidentally enter their login credentials, which are then collected by the hackers. The pages are carefully designed to imitate real Microsoft websites.

Hackers are Tricking Microsoft Users with Phishing Emails to Steal their Login Credentials
However, these phishing web pages are non-existent links that do not display the typical ‘404 not found’ error message. Security researchers believe that this method opens up lots of ways for hackers to exploit, as they can create a lot of random phishing URLs by randomizing domains.

What are Custom 404 Pages?

Hackers can design custom 404 pages in various ways. However, according to Bleeping Computer, these Microsoft phishing pages are designed using Firebase. This phishing campaign can also be used to exploit Microsoft Azure Storage.

The sad news is that it is very hard for Microsoft to stop these custom phishing pages. Hence, it is the responsibility of users to beware of such attacks. Make sure that you carefully view each email you receive. We suggest that you verify the site twice before entering your login credentials. One way to do this is by checking whether the email was sent by an authentic Microsoft account and whether there is security on the website.
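For mail-filter or proxy operators, the behaviour described above can be checked mechanically. The sketch below is an added example, not code from Microsoft or Bleeping Computer: it flags a link when the linked page, or a random path on the same host that cannot exist, comes back with a password form. The function names, the sample pages and the assumption that the host answers with a 404 status are all illustrative.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Public hosting suffixes of the two services the article names
# (Firebase Hosting and Azure Storage).
SHARED_HOSTING_SUFFIXES = (".web.app", ".firebaseapp.com",
                           ".web.core.windows.net", ".blob.core.windows.net")


class _PasswordFieldFinder(HTMLParser):
    """Records whether the parsed page contains <input type="password">."""

    def __init__(self):
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        # An attribute without a value is reported as None, hence the "or".
        if tag == "input" and (dict(attrs).get("type") or "").lower() == "password":
            self.found = True


def has_login_form(body):
    finder = _PasswordFieldFinder()
    finder.feed(body)
    return finder.found


def assess(url, status, body, probe_body):
    """Return findings for one link taken from an email.

    status/body -- response for the link itself
    probe_body  -- response body for a random, non-existent path on the same host
    An empty list means nothing was flagged.
    """
    findings = []
    host = urlparse(url).hostname or ""
    if host.endswith(SHARED_HOSTING_SUFFIXES):
        findings.append("shared-hosting")
    if status == 404 and has_login_form(body):
        findings.append("login-form-on-404")      # error page that asks for a password
    if has_login_form(probe_body):
        findings.append("catch-all-login-page")   # every path serves the same form
    return findings


# Constructed sample pages, not captured from a real campaign.
FAKE_SIGNIN = '<form><input type="email"><input type="password"></form>'
PLAIN_404 = "<html><h1>404 Not Found</h1></html>"

if __name__ == "__main__":
    print(assess("https://example-project.web.app/a8f3k2", 404, FAKE_SIGNIN, FAKE_SIGNIN))
    print(assess("https://login.example.com/signin", 200, FAKE_SIGNIN, PLAIN_404))
```

The shared-hosting finding alone is weak evidence, since many legitimate sites use these services; it matters in combination with the other two.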


