This Thursday (12), Microsoft detailed how an unusual phishing campaign uses Morse code to obtain usernames, passwords and other valuable personal information. The company compared the complex technique used in the scam to a puzzle.
Cybercriminals trick people into downloading an XLS.HTML attachment, which most people mistake for an Excel file. The file opens a fake Microsoft 365 login screen, or one that imitates the page of the company where the potential victim works. These details make the social engineering lure more effective and suggest prior reconnaissance of the target.
If someone enters their password, they are told that the information is incorrect, regardless of its validity. The attacker then obtains the victim's password.
Phishing Campaign Complexity
Microsoft points out that the phishing campaign is sophisticated in some important respects. First, its components are separated into parts. These pieces are encoded with a mix of old and new techniques, including Morse code. Finally, some of the segments are not in the file attachment that the campaign uses; they are in open directories that can be called by encoded scripts.
Individual segments of the HTML file may appear harmless at the code level. As a result, they are not detected by conventional security solutions. Malicious intent is only revealed when all segments are put together and properly decoded.
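The following Python example is added here and is not taken from Microsoft's report. It shows how a defender can reassemble such segments: it extracts Morse-only string literals from an HTML attachment, decodes and joins them, and checks the result for script or URL markers. The hex layer, the marker list, the 20-character threshold and the sample attachment are assumptions constructed for the illustration.

```python
import re

# International Morse code for a-z and 0-9.
_CODES = (".- -... -.-. -.. . ..-. --. .... .. .--- -.- .-.. -- -. --- .--. --.- "
          ".-. ... - ..- ...- .-- -..- -.-- --.. ----- .---- ..--- ...-- ....- "
          "..... -.... --... ---.. ----.").split()
MORSE = dict(zip(_CODES, "abcdefghijklmnopqrstuvwxyz0123456789"))

# Quoted literal made only of dots, dashes and spaces (threshold is an assumption).
MORSE_LITERAL = re.compile(r"""["']([.\- ]{20,})["']""")
# Markers checked after reassembly (illustrative list, not from the article).
MARKERS = ("<script", "http://", "https://", "password")

def decode_morse(text):
    """Decode space-separated Morse symbols; unknown symbols become '?'."""
    return "".join(MORSE.get(sym, "?") for sym in text.split())

def unhex(text):
    """Assumed second layer: turn an even-length hex string into text."""
    if len(text) % 2 == 0 and re.fullmatch(r"[0-9a-f]+", text):
        return bytes.fromhex(text).decode("utf-8", "replace")
    return text

def scan_attachment(html):
    """Return (decoded segments, reassembled text, markers found in it)."""
    segments = [decode_morse(m) for m in MORSE_LITERAL.findall(html)]
    joined = unhex("".join(segments))
    hits = [m for m in MARKERS if m in joined.lower()]
    return segments, joined, hits

def _encode(text):
    """Build Morse for the constructed sample below."""
    inverse = {char: sym for sym, char in MORSE.items()}
    return " ".join(inverse[c] for c in text)

# Constructed sample: one benign script reference, hex-encoded and split
# across two Morse literals so neither literal shows a URL or tag.
_HIDDEN = '<script src="https://example.invalid/a.js"></script>'.encode().hex()
SAMPLE = ('<html><script>var a="%s";var b="%s";</script></html>'
          % (_encode(_HIDDEN[:52]), _encode(_HIDDEN[52:])))

if __name__ == "__main__":
    segments, joined, hits = scan_attachment(SAMPLE)
    print(len(segments), "Morse literals ->", joined, "| markers:", hits)
```

A string search over the raw sample finds no URL, while the reassembled text does contain one, which is why the decoding step has to run before any content matching.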
How to Avoid the Attack
Microsoft recommends a number of actions that can reduce the likelihood of, and even prevent, a phishing attack, such as enabling mail flow rules that remove .html, .htm or other file types that are not necessary for business.
The company also advises adjusting antispam filters only for known domains and IP addresses, and activating the safe attachments policy in the antivirus program for email.
Passwords should not be reused across different accounts, and multi-factor authentication (MFA) should be used whenever possible to access important systems. Microsoft emphasizes that it is critical to require MFA for access to the remote working device via VPN.