Google Ad Services redirection allows this phishing campaign to bypass secure email gateways.
This campaign has been observed in multiple organisations and uses a number of advanced techniques, including a Google Ad Services redirection, to try to access the login credentials of employees.
Google Ad Services redirection
To ensure that users click on their phishing email, the attackers have a Google Ad Services redirection suggests that they may have paid to have their URL authorized source to go. This also helps to get the emails from the campaign easy to bypass secure email gateways provided by organizations used to prevent phishing attacks and other online scams.
After the updated policy is the user is re-routed to a Microsoft login page that pretends to be the official Office login page 365. If an employee enters his login credentials on this page and “Next” clicks, the cyber criminals have their Microsoft login details and their account was hacked.
To make users think that they not only have entered their login details, another box with the text “We have updated our terms” with a button “Finish” under this post.
This phishing campaign uses many clever tricks to steal users’ login credentials. Therefore, users should be extra careful when opening emails that appear to come directly from an official source and ask them to log in to one of their accounts.
This article originally appeared on Tech Radar.