A new phishing campaign has seen attackers impersonate Microsoft in order to bait recipients into inadvertently exposing their account credentials. Victims are invited to add a message of condolence on an online memorial board "in memory of Her Majesty Queen Elizabeth II."
In actuality, the attackers are capturing Microsoft account details and attempting to gather the victims' multi-factor authentication (MFA) codes in order to take over their accounts. The phishing page was created with the EvilProxy phishing kit, which we recently talked about.
The activity of another threat actor discovered by the FBI includes sending phishing emails to financial departments of healthcare payment processors. Cybercriminals are combining multiple tactics to obtain employee credentials and to modify payment instructions. The FBI says that in just three such incidents in February and April of this year, attackers diverted more than $4.6 million from the victims to their accounts.
The Advanced Email Security pack for Acronis Cyber Protect Cloud stops phishing emails from reaching protected users' inboxes, preventing them from revealing their credentials in such attacks.