A Russian website devoted to spearfishing (the underwater sport) has been compromised to host a phishing page designed to capture log-in details for Outlook Web App (OWA).
The web page looks real and has a high chance of success
Security researchers who observed the campaign found that it targeted recipients at universities and relied on a very realistic-looking fraudulent page that could fool unsuspecting students, faculty, or staff at the targeted institution into handing their Outlook Web App credentials to the attacker.
One observable difference between the fake log-in page and the real one is that the fraudulent version adds a field asking for the email address, whereas a legitimate OWA log-in requires only the username and the password to access the account.
It is important to note that these log-in credentials are, in many cases, the same ones used for other university accounts. Proofpoint says that even if only one user falls for the scam, the attacker could obtain valuable information and possibly access to other resources, which could help them move laterally through the network and reach financial information or research data.
The security company did not describe the bait used in the spear-phishing email, but given the quality of the fraudulent page, the lure was most likely crafted with equally competent social engineering.
Users should always check the URL of a log-in page before entering credentials, especially when the link arrived via email from an untrusted source. In this campaign the page was hosted on a compromised but otherwise legitimate site, so a working website behind the link is no guarantee; what matters is whether the address belongs to the institution's own mail server.
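The two tells the article describes, a page or form that lives on a host other than the institution's mail server and a log-in form that asks for more than username and password, can be checked mechanically. The script below is an added example and not code from the article or from Proofpoint: it parses a fetched log-in page, collects the user-fillable input names of each password form, resolves where the form posts to, and flags anything outside an assumed trusted host list or the assumed expected field set. The host names, the sample HTML for a legitimate OWA-style form and for a fake one, and the field names `username` and `password` are all constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Field names a legitimate OWA logon form is expected to ask the user for.
# Assumption for this example: the article only says "username and password".
EXPECTED_FIELDS = {"username", "password"}

# Input types that do not ask the user to type anything; they are ignored
# so that hidden state fields on a real OWA form do not trigger a finding.
NON_USER_INPUT_TYPES = {"hidden", "submit", "button", "checkbox", "radio", "image", "reset"}


class LoginFormParser(HTMLParser):
    """Collect each form's action URL and the names of its user-fillable inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": attr.get("action", ""), "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            input_type = (attr.get("type") or "text").lower()
            if input_type not in NON_USER_INPUT_TYPES and attr.get("name"):
                self._current["fields"].append(attr["name"].lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def assess_login_page(page_url, html, trusted_hosts):
    """Return a list of findings; an empty list means nothing suspicious was seen.

    Checks the page host, the host each password form submits to (relative
    actions resolve against the page URL), and whether the form asks for
    anything beyond the expected username and password fields.
    """
    parser = LoginFormParser()
    parser.feed(html)
    findings = []

    page_host = (urlparse(page_url).hostname or "").lower()
    if page_host not in trusted_hosts:
        findings.append(f"page is served from untrusted host {page_host!r}")

    login_forms = [f for f in parser.forms if "password" in f["fields"]]
    if not login_forms:
        findings.append("no password form found")
    for form in login_forms:
        action_host = (urlparse(urljoin(page_url, form["action"])).hostname or "").lower()
        if action_host not in trusted_hosts:
            findings.append(f"credentials are posted to untrusted host {action_host!r}")
        extra = set(form["fields"]) - EXPECTED_FIELDS
        if extra:
            findings.append(f"form asks for unexpected fields: {sorted(extra)}")
    return findings


# Constructed sample data (hypothetical hosts and markup, not from the campaign).
TRUSTED_HOSTS = {"mail.example.edu"}

LEGIT_URL = "https://mail.example.edu/owa/auth/logon.aspx"
LEGIT_HTML = """
<form action="/owa/auth.owa" method="post">
  <input type="hidden" name="destination" value="https://mail.example.edu/owa/">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form>
"""

FAKE_URL = "http://spearfishing-club.example.ru/owa/logon.html"
FAKE_HTML = """
<form action="http://spearfishing-club.example.ru/owa/post.php" method="post">
  <input type="text" name="email">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Sign in">
</form>
"""

if __name__ == "__main__":
    for url, html in ((LEGIT_URL, LEGIT_HTML), (FAKE_URL, FAKE_HTML)):
        result = assess_login_page(url, html, TRUSTED_HOSTS)
        print(url, "->", result or ["looks like the expected OWA form"])
```

The check is deliberately strict about the submit target rather than only the page address: a compromised legitimate site can serve a convincing page, but the credentials still have to be sent somewhere, and that host is the one that must belong to the institution.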