16 min read

The Compact Campaign

By WMC Global Threat Intelligence Team on 3/4/21 12:27 PM


Phishing campaigns continue to utilize the disruption of the pandemic to target victims, and a new campaign takes advantage of Zoom's rising popularity. Since December, the "Compact" Campaign has been targeting thousands of users by impersonating a Zoom invite and is estimated to have collected over 400,000 Outlook Web Access and Office 365 credentials. This campaign is unique in its use of trusted domains to ensure delivery of phishing emails and preventing phishing pages from being blocked. This is especially worrisome for organizations who will struggle to defend against this attack.

Topics: Phishing Phishing Kit Data Exfiltration Microsoft Office 365 Zoom
2 min read

Office 365 Phishing Uses Image Inversion to Bypass Detection

By WMC Global Threat Intelligence Team on 11/4/20 9:00 AM

Many detection engines crawl websites and follow links to determine whether a website is malicious or masquerading as another. The difficulty threat actors face combatting these advanced technologies is that their phishing websites must bypass the detection engine, while simultaneously gaining a victim’s trust by displaying images and themes that mimic the targeted website.

Topics: Phishing Microsoft Office 365 Image Inversion