Attackers used a phishing campaign that spoofed Xerox scan notifications to trick victims into clicking on malicious HTML attachments, according to Check Point and Otorio researchers. But the attackers unintentionally left more than 1,000 corporate credentials, which were stolen by bypassing Microsoft Office 365 Advanced Threat Protection filtering, available online.
More from Check Point:
- The attackers exposed the stolen credentials on compromised WordPress websites used as drop-zone servers that are searchable by Google.
- Once the victim clicked on the malicious HTML attachment in the phishing email, JavaScript code ran in the background of the document, leading to the theft of credentials.
- The researchers found that construction was the most targeted industry, making up 16.7% of attacks, followed by energy at 10.7% and IT at 6%.