New Threats to Microsoft 365 Accounts
Cybercriminals have discovered a new method for stealing Microsoft 365 accounts by utilizing Google Apps Script, as reported by TechRadar. Google Apps Script, a cloud platform designed to automate tasks in Google services using JavaScript, has become a tool for phishing attacks.
Perpetrators send victims emails containing fake invoices from Google. The links in these emails lead to script[.]google[.]com, creating an illusion of legitimacy. When the victim clicks the link, a message about the expected download appears. Clicking the button on that page redirects the user to a counterfeit Microsoft 365 login page that closely resembles the actual one. The entered credentials go directly to the hackers.
To better cover their tracks, the scammers set up the page to redirect the victim to the real Microsoft 365 site as soon as the login credentials are entered.
Cybersecurity experts from Cofense have uncovered this scheme and are warning about its dangers. They advise against opening suspicious emails, especially those containing unexpected invoices from Google. It is also crucial to verify email addresses and websites to avoid falling victim to fraud.
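For mail administrators, the pattern described above (an invoice-themed message whose link points at script.google.com) can be triaged automatically. The following is an added example, not code from Cofense or TechRadar; the keyword list, the verdict names and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

APPS_SCRIPT_HOST = "script.google.com"              # host named in the article
INVOICE_WORDS = ("invoice", "payment", "receipt")   # assumed lure keywords
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def refang(text):
    """Undo common defanging (hxxp, [.]) so URLs in reports and mail parse."""
    text = re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)
    return text.replace("[.]", ".").replace("(.)", ".")

def extract_hosts(body):
    """Return the lower-cased hostname of every URL found in the body."""
    hosts = []
    for url in URL_RE.findall(refang(body)):
        host = urlsplit(url.rstrip(".,;)")).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def triage(subject, body):
    """quarantine: invoice lure plus Apps Script link; review: link only."""
    hosts = extract_hosts(body)
    text = (subject + " " + body).lower()
    # Exact host comparison, so look-alike domains that merely contain
    # the string "script.google.com" are not treated as the real host.
    has_script_link = APPS_SCRIPT_HOST in hosts
    is_invoice_lure = any(word in text for word in INVOICE_WORDS)
    if has_script_link and is_invoice_lure:
        return "quarantine"
    return "review" if has_script_link else "pass"

# Constructed sample messages (subject, body); EXAMPLE_ID is a placeholder.
SAMPLES = [
    ("Invoice #0000 from Google",
     "Your invoice is ready: hxxps://script[.]google[.]com/macros/s/EXAMPLE_ID/exec"),
    ("Team automation",
     "Our form handler lives at https://script.google.com/macros/s/EXAMPLE_ID/exec"),
    ("Invoice from vendor",
     "Portal: https://billing.example.com/invoices/1"),
]

if __name__ == "__main__":
    for subject, body in SAMPLES:
        print(f"{triage(subject, body):<10} {subject}")
```

A "review" verdict is deliberate: legitimate Apps Script web apps share the same host, so the link alone is a signal to inspect rather than proof of phishing.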



