
The latest scam circulating these days around the Interwebs involves phishing Microsoft 365 users for their credentials, according to email security vendor Vade.
The technique — known as the right-to-left override (RLO) attack — goes back two decades. It relies on a Unicode control character that reverses the display order of the text that follows it, and it’s intended to trick Microsoft 365 users into clicking on a file attachment by disguising the file’s real extension.
“If the user doesn’t pay attention to the extension and consider the context of the email to determine if it’s legitimate, it is easy to fall into the trap,” Antoine Morel, cybersecurity pre-sales engineer at Vade, told VentureBeat.
The old-new tactic
In the past, the RLO tactic has been used to disguise the “.exe” extension of a file, so that a user who thought they were opening a .txt file, for instance, actually opened a malicious executable. These days, however, an RLO attack is meant to trick users with an attachment disguised as an MP3 file, presented as a voicemail.
In one iteration of the attack, the attachment led the user to a webpage where they were asked to enter their Microsoft credentials in order to access the voicemail.
As such, this kind of attack should be easy to spot — yet the attackers only need a few less tech-savvy people to fall for it.
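As an added illustration (not code from the article or from Vade), here is a defensive check in Python that an email gateway or mailbox rule could apply to attachment filenames: it flags Unicode bidirectional override characters, reconstructs the extension the operating system will actually use, and approximates what the user sees. The sample filenames are constructed for this example.

```python
import unicodedata

# Unicode bidirectional control characters that can reorder or hide displayed text.
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
RLO, PDF = "\u202e", "\u202c"

# Constructed sample names (not taken from Vade's report). The OS reads the text after
# U+202E as "3pm.htm"; a naive file list shows it reversed, so the name ends in ".mp3".
SAMPLE_VOICEMAIL = "voice" + RLO + "3pm.htm"
SAMPLE_BENIGN = "voicemail.mp3"

def find_bidi_controls(name: str) -> list:
    """Positions and Unicode names of any bidi control characters in a filename."""
    return [(i, unicodedata.name(ch)) for i, ch in enumerate(name) if ch in BIDI_CONTROLS]

def true_extension(name: str) -> str:
    """Extension the OS actually uses: drop the invisible controls, take the last suffix."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return clean.rsplit(".", 1)[-1].lower() if "." in clean else ""

def displayed_name(name: str) -> str:
    """Approximate what a user sees (single-override case): text after U+202E is shown
    reversed until a U+202C or the end of the name; other controls are invisible."""
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1  # also skips the U+202C if one was present
            continue
        if name[i] not in BIDI_CONTROLS:
            out.append(name[i])
        i += 1
    return "".join(out)

def check_attachment(name: str) -> dict:
    """Flag a name that carries bidi controls or whose shown extension differs from the real one."""
    shown = displayed_name(name)
    shown_ext = shown.rsplit(".", 1)[-1].lower() if "." in shown else ""
    real_ext, controls = true_extension(name), find_bidi_controls(name)
    return {"displayed": shown, "displayed_ext": shown_ext, "true_ext": real_ext,
            "bidi_controls": controls, "suspicious": bool(controls) or shown_ext != real_ext}

if __name__ == "__main__":
    for n in (SAMPLE_VOICEMAIL, SAMPLE_BENIGN):
        print(check_attachment(n))
```

Rendering of mixed-direction text varies by client, so the `displayed_name` approximation is only there to show the mismatch; the presence of any bidi control in an attachment name is by itself a strong signal worth quarantining on.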
The numbers are growing
The problem is that the number and the breadth of RLO attacks have increased exponentially in recent weeks. Each campaign consists of a set of emails that share a distinctive set of characteristics, and a single campaign can include hundreds or thousands of emails to users.
Also, most security vendors aren’t detecting the RLO attachments as malicious, so it is up to companies to raise their employees’ awareness of the trick. This matters all the more now that many people work from home and routinely log in to Microsoft services such as Teams for video conferences.
Microsoft, for its part, is warning users about this, with the company’s spokesperson saying they “encourage customers to practice good computing habits online, including exercising caution when clicking on links to web pages, opening unknown files, or accepting file transfers.”
The context
We have previously written about phishing, as it continues to be a common, but often disastrous, form of cyber attack. According to Proofpoint, after a successful phishing attack, 60% of organizations end up losing data, 52% suffer a compromise of credentials or accounts, and 47% end up infected with ransomware.
So yes, you have to read those messages carefully to stay safe, and not open attachments from people you don’t know. That’s common sense, and it is our mission to help make it common practice as well. Stay safe.