Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • Cloud Services Abused by Clever Phishing Campaign
  • Cyber Attacks
  • Data Breach

Cloud Services Abused by Clever Phishing Campaign

6 years ago David Bisson
Cloud Services Abused by Clever Phishing Campaign

Security researchers detected a clever new phishing campaign that abused three enterprise cloud services in an attempt to steal victims’ credentials.

On July 18, Bleeping Computer revealed that the phishing campaign’s attack emails claimed to originated from the domain “servicedesk.com.”

The computer self-help site took a closer look. In the process, it found that those responsible for the campaign had sent the email through the intermediary “cn.trackhawk.pro.” This technique helped the attack emails evade detection:

As Bleeping Computer noted in its analysis:

In most email spoofing scenarios, a mismatch between the “From:” email domain and the domain listed in the bottommost “Received:” header is a red flag.

In this campaign, the domain “servicedesk.com” is used in the “From:” (envelope) address matches the domain listed in the last “Received:” header, making it more easily bypass spam filters.

Because “servicedesk.com” returned timeouts but “cn.trackhawk.pro” correctly responded to pings, Bleeping Computer reasoned that the authors of the campaign had likely sent out the emails through the latter domain but had injected the forged “Received: from servicedesk.com …” header at the bottom.

Each of the phishing campaign’s attack emails pretended to be a notification from a help desk informing the recipient that they had undelivered messages. It then asked them to click one of two embedded buttons in order to free up space in their inboxes.

Phishing email pretending to be from an IT support desk (Source: Bleeping Computer)

Either of these buttons redirected the user to a phishing site hosted on Microsoft Azure, Microsoft Dynamics or IBM Cloud. Upon receiving a set of email credentials, the phishing site redirected the user to another page that informed them that their account was in the process of updating. It then eventually redirected the user to a domain associated with their email account.

The campaign described above highlights the need for organizations to defend themselves against phishing attacks. One of the ways they can do this is by training their employees to spot the latest phishing attacks that are circulating in the wild.

The post ” Cloud Services Abused by Clever Phishing Campaign” appeared first on TripWire

Source:TripWire – David Bisson

Tags: Cloud, Encryption, Microsoft, Phishing, TripWire

Continue Reading

Previous Are You Ready To Automate Your Cloud Account Security?
Next 21-Year-Old Cypriot Hacker Extradited to U.S. Over Fraud and Extortion Charges

More Stories

  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

1 hour ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

4 hours ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

5 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

6 hours ago [email protected] (The Hacker News)
  • Data Breach

[Webinar] The Smarter SOC Blueprint: Learn What to Build, Buy, and Automate

21 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

21 hours ago [email protected] (The Hacker News)

Recent Posts

  • The First 90 Seconds: How Early Decisions Shape Incident Response Investigations
  • Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers
  • Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions
  • CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
  • http://thehackernews.com/2026/02/docker-fixes-critical-ask-gordon-ai.html

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT