New Outlook Themed Phishing Attack on Banking Sector

In this article, we are going to provide some information about the new outlook phishing attack targeting some employees working in the banking sector from Keepnet customers.

1-What is the new outlook phishing attack? How does it work?

Recently the attackers have planned to penetrate companies by sending a phishing email to the employees of banking institutions. The subject of the emails was ‘Your password expires today. To keep using your current password, click for the update. ‘ Through these emails, attackers have aimed to seize the login information of the email accounts.

Figure 1. The New Phishing Outlook Attack

When employees have clicked on the link in this email that has been sent (, they are redirected to a fake Outlook Web Application. Employees, who have submitted their information into this fake website intending to update their password have taken an error message as soon as their login credentials.

Figure 2.The fake website that looks like the original outlook web application

However, in the background, all the login credentials have been taken over by the attackers. As a consequence of complaints received, the Keepnetlabs team have detected the fraud and the attackers have failed to pursue what they aimed for through their fake websites.

Should these criminals have been successful, they would not only penetrate into the systems but also they would make money selling this stolen data on the black market.

2-Which institutions have been targeted by this new outlook phishing attack?

One may assume that the phishing attacks target personal data, passwords, bank account information, etc., yet attackers aim to use this information to make money and then get a ransom through the leaked data. In this attack, the attackers, who have the same purpose, targeted some employees of Keepnet customers who work in the banking sector.

3-How to Stop the New Outlook Phishing attack?

  • Always monitor and learn the evolution of phishing techniques

With each passing day, attackers create new fake websites that look like the real one. Follow the cybersecurity newsletter we publish weekly to stay up to date about evolving online threats.

  • Do not share your personal information

Do not send any personal information in response to an email sent to you.

  • Make sure the email content is not fake.

Except for the phishing attacks after a data leak, attackers use a generic language such as ”Dear Subscriber” or ”Dear Client” instead of emails containing users’ names.

  • Pay attention to the sender’s address.

Carefully review the email sender address, beware that it could be an expertly disguised fake address. Attackers make great efforts to “phish” users with similar characters or deliberate typos in domain names.

  • Try Phishing Simulation

Keepnet Labs Phishing Simulator sends benign emails to your employees against phishing attacks. It monitors your employees’ actions and reports them to you, allowing you to safely test them.

Keepnet Labs hosts more than 200 training in its cybersecurity training library. These trainings are in 8 different languages and consist of learning with games, video, micro-video, HTML5 and other interactive contents. With free security awareness training, it is much easier to turn into cyber agents that recognize and report cyber attacks.




Keepnet is an anti phishing solution and cybersecurity awareness training platform

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

5 Reasons Why Programmers Should Think like Hackers

Our Security Partner BlockSec launches Flash Loan monitoring system

{UPDATE} Тетрис: Triscolor классический Hack Free Resources Generator

BonFi — Token Sale

TELEGRAM Rewards! 💫

Lost Digital Photos: What Are the Odds to Win Them Back?

{UPDATE} WIB: TTS Cak Lontong Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Keepnet Labs

Keepnet Labs

Keepnet is an anti phishing solution and cybersecurity awareness training platform

More from Medium

Reducing fan noise and increasing battery life on an Intel-based Macbook

Day 6: Running and Testing AI Applications

The Push for Two-Factor Authentication

5 Practical Things for Beginners to AWS Cloud Security