An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning.
The attackers are using a variety of tecniques and tactics to evade corporate email security solutions and a custom phishing kit that allows them to bypass multi-factor authentication (MFA) protection to hijack enterprise Microsoft accounts.
Post compromise, the attackers have been spotted logging into a compromised account to read emails and check the user’s profile information.
