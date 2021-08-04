At the end of last March, the team of researchers from Odix has identified a phishing campaign which used a link to the playback of the song Positions of Ariana Grande to steal the login credentials of Microsoft 365 to unsuspecting users. These credentials were then published in an RSS feed. The dynamic used for the phishing campaign is the traditional one.

A song by Ariana Grande at the center of a phishing campaign to steal Microsoft 365 credentials

Odix’s team discovered a phishing campaign aimed at stealing sign-in data from your Microsoft 365 account. Such a campaign uses as bait a link to the playback of the song Positions by Ariana Grande, a well-known American singer. The dynamics used is the traditional one. Users receive an email with a link to the audio playback of Ariana Grande’s song.

By clicking on the link, however, the audio is not played but, unknowingly, the user downloads a malware on your device. Such malware is capable of directing the user to the real phishing page. This page credibly simulates the Microsoft 365 sign-in screen. This steals the user’s login credentials.

How to avoid scams of this type

Odix highlights what are the main elements to follow to avoid this type of scams. First of all, it is appropriate update your security settings and apply patches. We must then inquire about the most common cyber threats, such as phishing, and avoid clicking on any link. Among the elements to consider also the use of legacy products for cybersecurity and always monitor the most innovative technological solutions to defend themselves.

