Bolster Discovers 21,000 New Fake Microsoft Sites

News recently broke that cybercriminals are using malicious emails and fake sites to trick victims into sharing credentials to access Microsoft Sharepoint applications. The fake sender addresses use variations of the word “referral” and use seemingly legitimate “.com” domains.


Through its tool CheckPhish.ai, deep-learning powered fraud prevention company Bolster was able to pull a screenshot of an example of a fake site that would give users the credential prompt.


Bolster has also discovered 21,000 more phishing sites mimicking Microsoft in just the past month.


Shashi Prakash, CTO of Bolster: “Microsoft is one of the most widely used brands for phishing campaigns. In the last 30 days, we have discovered more than 21,000 fake phishing sites using Microsoft products or logos. Almost 8,000 of them have “Microsoft” in the URL to try and give the URL more perceived legitimacy. The attached screenshot is one such example, and a link to our analysis is also included. This example includes the term “secureserver.net” in the URL and uses a fake Excel login page. The data also shows that this URL has hosted 28 different phishing sites, and the IP address has been used for 38 other phishing sites. To counter these attacks, companies create blocklists, but that method is outdated in today’s fast moving Internet age. The best way to nullify these types of attacks is to just take them down, and we do see more companies choosing that route because it is more effective and permanent.”


###