New Outlook Themed Phishing Attack on Banking Sector

In this article, we provide information about a new Outlook-themed phishing attack targeting some employees of Keepnet customers in the banking sector.

1-What is the new Outlook phishing attack? How does it work?

Figure 1. The New Phishing Outlook Attack

When employees click the link in this email (https://form.jotform.com/202433277464051), they are redirected to a fake Outlook Web Application. Employees who submitted their information to this fake website, intending to update their password, received an error message as soon as they entered their login credentials.

Figure 2. The fake website that looks like the original Outlook Web Application

However, in the background, the attackers captured all of the submitted login credentials. Following complaints received, the Keepnet Labs team detected the fraud, and the attackers failed to achieve what they aimed for with their fake websites.

Had these criminals been successful, they would not only have penetrated the systems but also made money by selling the stolen data on the black market.

2-Which institutions have been targeted by this new Outlook phishing attack?

3-How to Stop the New Outlook Phishing attack?

With each passing day, attackers create new fake websites that look like the real ones. Follow the cybersecurity newsletter we publish weekly to stay up to date on evolving online threats.

  • Do not share your personal information

Do not send any personal information in response to an email sent to you.

  • Make sure the email content is not fake.

Except in phishing attacks that follow a data leak, attackers use generic language such as “Dear Subscriber” or “Dear Client” instead of addressing users by name.

  • Pay attention to the sender’s address.

Carefully review the sender’s email address; it could be an expertly disguised fake address. Attackers make great efforts to “phish” users with similar characters or deliberate typos in domain names.

  • Try Phishing Simulation

Keepnet Labs Phishing Simulator sends benign emails to your employees as a defence against phishing attacks. It monitors your employees’ actions and reports them to you, allowing you to test your employees safely.
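
The greeting and sender-address checks above, together with the form-builder link seen in this campaign, can be automated as a first-pass triage of reported mail. The following Python is an added example, not Keepnet code; `examplebank.com`, the trusted-host list and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions (hypothetical): the organisation's mail domain and the only
# hosts on which its genuine Outlook Web App is served.
ORG_DOMAIN = "examplebank.com"
TRUSTED_LINK_HOSTS = {"mail.examplebank.com", "outlook.office.com"}
GENERIC_GREETING = re.compile(r"^\s*dear\s+(subscriber|client|customer|user)\b", re.I | re.M)
CREDENTIAL_LURE = re.compile(r"\b(password|outlook|mailbox)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot typo-squatted sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw_email):
    """Return a sorted list of reasons the message deserves a closer look."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    reasons = set()
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Near-miss of the real domain: similar characters or deliberate typos.
    if sender_domain != ORG_DOMAIN and edit_distance(sender_domain, ORG_DOMAIN) <= 2:
        reasons.add("lookalike-sender-domain")
    if GENERIC_GREETING.search(body):
        reasons.add("generic-greeting")
    # A password/Outlook lure that links anywhere but the real webmail host.
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host not in TRUSTED_LINK_HOSTS and CREDENTIAL_LURE.search(body):
            reasons.add("credential-lure-links-to-untrusted-host:" + host)
    return sorted(reasons)

# Constructed sample modelled on the lure described in this article.
SAMPLE = """From: IT Helpdesk <helpdesk@examp1ebank.com>
To: employee@examplebank.com
Subject: Outlook password update

Dear Client,

Your Outlook password expires today. Update it here:
https://form.jotform.com/202433277464051
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```
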

Keepnet Labs hosts more than 200 trainings in its cybersecurity training library. These trainings are available in 8 different languages and consist of games, videos, micro-videos, HTML5 and other interactive content. With free security awareness training, it is much easier to turn employees into cyber agents who recognize and report cyber attacks.

Keepnet is an anti-phishing solution and cybersecurity awareness training platform.