Threat actors are abusing link wrapping services from well-known companies like Proofpoint and Intermedia to disguise malicious links that lead to Microsoft 365 phishing pages. This method involves exploiting legitimate email security features to bypass filters and deceive victims into revealing their login credentials.
Key points
- The attacker exploited URL security features from Proofpoint and Intermedia to hide malicious links.
- Compromised email accounts were used to distribute cloaked URLs that redirect to phishing pages.
- The threat actor employed multi-tiered redirects and URL shorteners to obfuscate malicious links.
- Fake notifications from Microsoft Teams and voicemail alerts were used to lure victims.
- The campaign increased success rates by disguising malicious destinations with trusted email protection URLs.
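For triage, a wrapped link can be decoded offline to see where it actually points before anyone clicks it. The sketch below is an added example, not code from the original report; it assumes Proofpoint's URL Defense v2 link format (`/v2/url?u=...`), which the page does not spell out, and the wrapper-host list, shortener list and sample URLs are constructed for illustration.

```python
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: hosts that serve Proofpoint URL Defense links (not listed on the page).
WRAPPER_HOSTS = {"urldefense.proofpoint.com", "urldefense.com"}
# Assumption: a short sample of public URL shorteners; extend for your environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}


def unwrap_v2(url):
    """Return the destination inside a v2 wrapped link, or None if it is not one."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in WRAPPER_HOSTS or not parts.path.startswith("/v2/"):
        return None
    u = parse_qs(parts.query).get("u")
    if not u:
        return None
    # v2 encoding: "-XX" stands for "%XX" and "_" stands for "/".
    return unquote(u[0].replace("-", "%").replace("_", "/"))


def assess(url, max_layers=5):
    """Peel wrapper layers offline and list reasons the link deserves review."""
    current, layers = url, 0
    while layers < max_layers:
        inner = unwrap_v2(current)
        if inner is None:
            break
        current, layers = inner, layers + 1
    host = (urlsplit(current).hostname or "").lower()
    reasons = []
    if layers > 1:
        reasons.append("nested-wrapping")
    if layers and host in SHORTENERS:
        reasons.append("wrapped-shortener")
    return {"destination": current, "layers": layers, "reasons": reasons}


if __name__ == "__main__":
    # Constructed sample links, not taken from the campaign.
    samples = [
        "https://urldefense.proofpoint.com/v2/url?u=https-3A__bit.ly_abc123&d=x&c=y",
        "https://urldefense.proofpoint.com/v2/url?u=https-3A__example.com_docs&d=x&c=y",
        "https://example.com/plain",
    ]
    for s in samples:
        print(assess(s))
```

No request is sent; the check only decodes the string, so it can be run on links pulled from quarantined mail.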