Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
Phishing attacks on Microsoft 365 accounts are peaking right now; users advised to pay close attention to emails
Phishers are using the highly efficient Greatness kit to sabotage accounts.
3 min. read
Published onJanuary 30, 2024
published onJanuary 30, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
This shouldn’t come as a surprise, but phishing attacks on Microsoft 365 accounts are peaking right now, according toa recent reportpublished by the cybersecurity company Trustware, where researchers there agreed that the platform is targeted by accounts using the Greatness phishing kit, which is known to be fairly easy to use, cheap, and efficient.
Trustwave SpiderLabs is tracking a spike in usage of the Greatness phishing kit to attack Microsoft 365 users to distribute malicious HTML attachments that steal login credentials.
The Greatness phishing kit is a relatively new platform developed by a threat actor known as “fisherstell”. It has been around since 2022, but the cybersecurity company has noticed the spike in its usage to sabotage Microsoft 365 accounts over December 2023, and January 2023.
Microsoft 365 has always been one of the most popular platforms for cybersecurity attacks, and in 2022, over80% of the accountson the platform were the subject of some sort of phishing attack. So, while this is not a surprise for the users, they are advised to pay close attention to any suspicious-looking emails, as the kit’s easy-to-use method might have made thousands of victims already.
The number of victims is unknown at this time, but Greatness is widely used and well-supported, with its own Telegram community providing information on how to operate the kit, along with additional tips and tricks. The Greatness kit being used during this recent surge in attacks represents the latest HTML phishing iteration we’ve observed deployed.
How to recognize a Microsoft 365 Greatness phishing attack?
The Greatness kit allows for customizable email elements, such as names, email addresses, subjects, messages, attachments, QR codes, and engagement metrics. Plus, the kit also has systems that allow it to bypass detection measures.
Hackers are paying approximately $120 per month to use the kit, which allows for an effective emulation of various reputable services, such as imitating official Microsoft accounts.
So, users will have to pay attention to:
In any case, users shouldn’t open attachments in suspicious emails. Verifying and validating them with upper management is the best solution. Organizations should also consider adding an extra layer of protection by using cybersecurity tools.
More about the topics:Cybersecurity,Microsoft 365
Flavius Floare
Tech Journalist
Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.
He’s always curious and ready to take on everything new in the tech world, covering Microsoft’s products on a daily basis. The passion for gaming and hardware feeds his journalistic approach, making him a great researcher and news writer that’s always ready to bring you the bleeding edge!
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Flavius Floare
Tech Journalist
Flavius is a writer and a media content producer with a particular interest in technology, gaming, media, film and storytelling.
