The Attack of the Blob

Researchers have discovered a pair of nasty phishing campaigns that are making use of Microsoft's Azure Blob Storage in a bid to steal the recipient's Microsoft and Outlook account credentials.

Both campaigns are noteworthy in that they utilize well-constructed landing pages that have SSL certificates and a windows.net domain, which combine to make them look totally legitimate.

Given that most users don't pay close attention to the exact address they're navigating when they click on a link embedded in an email, these things are more than enough to fool many users. The first campaign relies on some basic social engineering to prompt the user to do something.

The subject lines vary a bit, but fundamentally they are called to action like: "Action Required: (user's email address) information is outdated - Re-validate now!"

Looks like a Microsoft landing page

The body of the email reinforces this point and helpfully contains a link to help you on your way to re-validating your account.  Clicking on the link doesn't raise suspicion because the landing page is a carbon copy of the Outlook Web App that's complete with a box that allows you to "validate" your password. Of course, what you're actually doing is giving your email password to the hackers, who then have unfettered access to your inbox and contact list.

The second campaign is the weaker of the two, although it's set up much the same way.  The subject line indicates that you need to take action to re-validate your Facebook Workplace service account, but when you click the link, you're actually taken to a clone of Microsoft's landing page. This was no doubt a mix-up on the part of the hackers and will be addressed in short order.

Our perspective

In any case, it pays to make sure your employees are aware of both of these, so they don't inadvertently wind up handing over the keys to their digital kingdom.


The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available at dwpia on LinkedIn, at dwpia on Facebook, and @dwpia on Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Denis S Wilson

I am President and Principal Consultant for DWP Information Architects: specializing in managed IT support for smaller healthcare practices, clinics, insurance companies, and nonprofit companies in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance.

I am also a published author and speaker, working extensively with organizations that include: the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA), SCORE, Women's Business Centers, and Small Business Development Centers. As well as providing small business technology education programs through business and professional associations.

Contact me if you would like me to speak at your meeting.

Meanwhile, check out this report

Executive Report: 10 Hidden IT Risks That Might Threaten Your Business