This devious phishing campaign uses Indeed.com job searches to target Microsoft 365 accounts

A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system

(Image credit: weerapatkiatdumrong / Getty Images)

Imagine yourself as an executive casually browsing the state of the job market on Indeed, and you receive an email for a job listing that looks particularly interesting.

The email looks like it's from Indeed and there is a genuine Indeed link - nothing out of the ordinary in terms of emails you receive. You click on it. You’re routed through to the Microsoft 365 login page, you log in as normal, and you’re passed through to what looks like the website.

After lunch, you try to log in to your Microsoft 365 account so you can resume working on that very important document, but your password is incorrect. Strange. You definitely typed it in correctly, so you try again. Nothing.

Your account is gone

This latest phishing scam, uncovered by researchers at Menlo Security, is aimed at US executives in a wide range of industries from software to real estate.

This particular campaign can bypass the multi-factor authentication on Microsoft 365 account by stealing session cookies from a phishing site designed to look like the regular Microsoft login page.

EvilProxy is the platform used in this scam which essentially acts as a shifty middle man between the user and the genuine website. You may be wondering how a link from a legitimate Indeed email could set you up for phishing, and that's why this campaign sees a higher rate of success. The link has a weakness in it, known as an open redirect, which allows scammers to redirect you to their dodgy website through a legitimate looking link.

The real beauty of this scam is the use of legitimate Indeed links. As they are widely recognized as a reputable source they can often bypass spam filters and other security measures. Even as cybersecurity measures improve, hackers are getting more creative with the ways they are smuggling phishing emails through defenses.

Via BleepingComputer

More from TechRadar Pro

Looking to protect yourself? Here is the best identity theft protection software
The cybersecurity field is lacking hundreds of thousands of workers - and this new research shows us why
Take a look at our list of the best firewalls on the market

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but also likes to draw on his knowledge of geopolitics and international relations to understand the motivations and consequences of state-sponsored cyber attacks. Benedict has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham.