10K Microsoft users targeted by FedEx and DHL phishing attack
Users of Microsoft Corp. email services are being targeted by a new phishing scam that sends fake messages pretending to be from FedEx Corp. and DHL International GmbH, threat researchers at Armorblox revealed.
The two email attacks, one which impersonates a FedEx online document share, and the other pretending to share shipping details from DHL Express, aimed to extract victims' work email account credentials. Phishing pages were hosted on free services like Quip and Google Firebase to trick security technologies, such as Exchange Online Protection (EOP) and Microsoft Defender for Office 365, and users into thinking the links were legitimate.