IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Proofpoint impersonator steal Microsoft, Google logins in phishing campaign

Clever hackers dodged Microsoft security by pretending to be a cyber security firm

Hackers impersonating cyber security company Proofpoint have launched a new phishing campaign targeting victims’ Microsoft and Google email credentials.

Researchers at Armorblox discovered emails claiming to contain a secure file sent via Proofpoint as a link. The problem was spotted at an unnamed global communications company with around 1,000 mailboxes at risk from the scam.

“Clicking the link took victims to a splash page that spoofed Proofpoint branding and contained login links for different email providers. The attack included dedicated login page spoofs for Microsoft and Google,” said researchers.

The email’s subject line was “RE: Payoff Request” and claimed to contain a mortgage-related file sent via Proofpoint along with an email footer exhorting the importance of confidentiality. Researchers said that adding “RE” to the email title is a tactic we have observed scammers using before — this signifies an ongoing conversation and might make victims click the email faster.

After clicking the pretend “secure” email link in the email, victims would then see a web page with the Proofpoint logo and spoofed login buttons for Google, Outlook, and Office 365.

“Clicking on the Google and Office 365 buttons led to dedicated spoofed login flows for Google and Microsoft, respectively. Both flows asked for the victim’s email address and password,” said researchers.

These pages were hosted the “greenleafproperties[.]co[.]uk” parent domain. The domain’s WhoIs record shows it was last updated in April 2021, according to researchers. They added the URL currently redirects to “cvgproperties[.]co[.]uk”. 

Related Resource

Prevent fraud and phishing attacks with DMARC

How to use domain-based message authentication, reporting, and conformance for email security

Prevent fraud and phishing attacks with DMARC - whitepaper from MimecastFree download

“The barebones website with questionable marketing increases the possibility that this is a dummy site,” researchers said.

According to researchers, phishing emails replicate existing workflows within organizations. “When we see emails, we’ve already seen before, our brains tend to employ System 1 thinking and take quick action,” they added.

The email managed to get past Microsoft email security, according to researchers. “This email had a Spam Confidence Level (SCL) score of 1, which means Microsoft determined the email was not spam,” said researchers.

Researchers recommended users subject any email to an eye test that includes inspecting the sender's name and email address, the language within the email, and any logical inconsistencies. They also recommended organizations deploy multi-factor authentication (MFA) on all business and personal accounts.

Featured Resources

AI for customer service

IBM Watson Assistant solves customer problems the first time

View now

Solve cyber resilience challenges with storage solutions

Fundamental capabilities of cyber-resilient IT infrastructure

Free Download

IBM FlashSystem 5000 and 5200 for mid-market enterprises

Manage rapid data growth within limited IT budgets

Free download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Recommended

How to recover deleted emails in Outlook
email providers

How to recover deleted emails in Outlook

25 Nov 2022
2022 IBM's Security X-Force cloud threat landscape report
Whitepaper

2022 IBM's Security X-Force cloud threat landscape report

22 Nov 2022
2022 Magic quadrant for Security Information and Event Management (SIEM)
Whitepaper

2022 Magic quadrant for Security Information and Event Management (SIEM)

22 Nov 2022
Seven realities facing SMBs as they enter a future of increased cyber threats
Whitepaper

Seven realities facing SMBs as they enter a future of increased cyber threats

21 Nov 2022

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

15 Nov 2022
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

14 Nov 2022
Windows users now able to run Linux apps and distros natively
Microsoft Windows

Windows users now able to run Linux apps and distros natively

24 Nov 2022