What you need to know
- Microsoft breaks down a unique phishing campaign that uses a mixture of new and old encoding methods.
- The campaign uses Morse code to encode links to avoid detection.
- Microsoft compares the phishing attack to a jigsaw puzzle because its components are separated to bypass normal security methods.
Microsoft details how an unusual phishing campaign works in a new security post (opens in new tab). As is the case with many phishing campaigns, its goal is to get people's usernames, passwords, and other valuable information. Unlike other campaigns, this new attack uses a combination of new encoding methods and Morse code.
The campaign aims to have people download an XLS attachment, which most people would assume is an Excel file. Instead, opening the file will launch a browser to a fake login screen for what appears to be Microsoft 365. The credentials screen will show a Microsoft logo and in some cases the company logo of a potential victim.
If someone enters their password, they'll be told that the information is incorrect (regardless of its validity). Then, the attacker obtains the victim's password.
The phishing campaign is sophisticated in a few key ways. First, its components are separated into pieces. Second, those pieces are encoded with a mixture of old and new techniques, including Morse code. Lastly, some of the segments aren't in the file attachment that the campaign utilizes. They're in open directories that can be called on by encoded scripts.
Microsoft compares how the campaign works to a puzzle:
The use of Morse code is a unique way to attempt to have the phishing campaign go undetected. Microsoft explains how Morse code is used in conjunction with other encoding methods:
Microsoft's security post outlines several ways to stay protected from this newly discovered phishing attack, including using Microsoft Defender for Office 365. The company also explains ways to mitigate and detect the attack.
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org (opens in new tab).
"Microsoft's security post outlines several ways to stay protected from this newly discovered phishing attack, including using Microsoft Defender for Office 365. The company also explains ways to mitigate and detect the attack." And where are the links to said posts?
In the first sentence after the "What you need to know" list.
Get the best of Windows Central in in your inbox, every day!
Thank you for signing up to Windows Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.