Subj : Hackers are stealing Microsoft 365 accounts by abusing link-wrapp
To   : All
From : TechnologyDaily
Date : Mon Aug 04 2025 19:15:07

Hackers are stealing Microsoft 365 accounts by abusing link-wrapping services

Date:
Mon, 04 Aug 2025 18:04:00 +0000

Description:
Proofpoint and Intermedia are being abused in phishing campaigns that aim to 
steal people's Microsoft 365 credentials.

FULL STORY
======================================================================Crooks 
are using link wrapping services to entice victims into clicking The links 
redirect the victims to a fake Microsoft 365 landing page The campaign has 
been going on for at least two months 

Cybercriminals are abusing Proofpoints and Intermedias link wrapping service 
to bypass email protections, create convincing phishing emails, and 
ultimately - steal peoples Microsoft 365 credentials . This is according to 
cybersecurity researchers from Cloudflare, who have been observing such 
campaigns in the wild for at least two months. 

Proofpoints linkwrapping service, known as URL Defense, protects users by 
rewriting every inbound email link to route through Proofpoints inspection 
gateway before it reaches the actual recipient. When a person clicks a link 
in an email, it is evaluated in real-time (including sandbox detonation and 
reputation checks) and is only granted access if the link is deemed safe. 

But heres the catch: all original URLs are embedded within the encoded 
rewritten link (usually prefixed with urldefense.proofpoint.com) which, as a 
side-effect, creates a sense of security with the recipients, making it more 
likely they will actually click it. Active campaign 

Cybercriminals were seen creating brand new landing pages that mimic the 
Microsoft 365 login screen, and as such, are not yet flagged by security 
products. They would then shorten the URLs to those pages using popular URL 
shorteners such as Bitly. The next step is to break into email accounts 
already protected by Proofpoint, and use them to wrap the shortened URL. 

The final step is to distribute the shortened and wrapped URL, often through 
the very same email accounts that were compromised earlier. 

Cloudflare says its seen multiple attacks already, with crooks sending fake 
voice mail notification emails, and fake shared Microsoft Teams documents. 
Victims who dont spot the attack go through a chain of redirects, landing at 
a page where theyre asked for their Microsoft 365 login credentials. 

As a rule of thumb, links in emails should be carefully reviewed before being 
clicked, especially if the emails carry any sense of urgency with them. You 
might also like Everything you need to know about phishing Take a look at our 
guide to the best authenticator app We've rounded up the best password 
managers



======================================================================
Link to news story:
https://www.techradar.com/pro/security/hackers-are-stealing-microsoft-365-acco
unts-by-abusing-link-wrapping-services


--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.