Microsoft 365 Defender Threat Intelligence Team has identified a new phishing vector.

A new phishing technique used by the hacker have been identified. In this approach, a hacker sends a well-crafted email to the user. If the user hovers over the address in the email received, he will see the legitimate and trusted website address in hover tag. Once the user clicks on the link, he is directed to Google's reCAPTCHA. reCAPTCHA is used to identify whether the user is a human being or a bot. This gives the confidence to the user that he is being directed to the legitimate website. The user is now taken to the phishing website which is a look alike of the original website.

the user is now made to enter his credentials twice through, under some pretext or the other, such as he has been ‘timed out’ or ‘incorrect password – re-enter the password’. This approach helps the hacker to validate the correctness of the credentials entered by the user. On entering the credentials, the user is redirected to the real site by the hacker using his stolen credentials. Neither the user nor the website owner comes to know that the credentials have been stolen. It is likely that the organisations whose open redirects are being abused are possibly unaware that this is occurring.

It is therefore essential that not only one should hover over the email address to rule out the phishing email but before entering any credentials check the URL in the address bar of the browser and click on it to see if it is getting highlighted.

Please click on LINK to see details full report.