Data theft remains a huge concern in the online world, and the latest threat, to rock Microsoft users in particular, is Greatness, a phishing-as-a-service provider tool which is mimicking a Microsoft 365 login landing page to steal user credentials.
This highly sophisticated tool was first created in the middle of 2022 and in a relatively short time, Greatness has gained a lot of malicious users.
Companies in the UK, Australia, Canada, the United States and South Africa have fallen victim to this phishing scam, and the specific industries that are being affected cover a wide area and include construction, finance, healthcare, real estate, manufacturing and education, all industries with plenty of sensitive data.
How Greatness Works
The setup is so simple that any criminal can use it, which is a huge part of the problem as it gives even entry level hackers the opportunity to steal. Hackers need only log into the tool, supply it with their unique API key and give the tool a list of the email addresses that they wish to target. From there the hacker can create a personalised email message, one that sounds authentic and Greatness will do the rest.
For those that are unfortunately duped, the tool will be triggered when the attachment is opened, and after that a landing page will be created. The page is automated, and it will use the target’s log and a background image, easily mimicking a Microsoft 365 login page. Not only will the page look legitimate, but it will also be filled with the right email address, which can further make the target believe that everything is in order.
The fake landing page is actually a smokescreen of sorts, and it sits between the user and the actual Microsoft 365 account login page. It is pretty simple from there, as the user will enter their personal information to access what they think is their Microsoft account, and in reality they will be sending their information directly to the hacker who will then be able to log into the account and steal what they like.
You might be thinking, but what about the multi-factor login authentication that Microsoft has in place to secure accounts?
Greatness is a sophisticated tool, as we said, and its developers have found a way to sidestep this security by accessing the authentication popup and requesting the MFA code. The user essentially won’t realise that they are sharing their security code. When the user enters the code, the hacker will access the session via Telegram, work around the MFA and gain access.
At this point, Greatness is being used almost exclusively to steal data from Microsoft 365 accounts. And this is precisely why Microsoft is raising the alarm.
To avoid being scammed by a tool like this, it is important to always be cautious when entering your details on just any sort of landing page. Whenever you receive an unusual looking email, it is worth taking the time to Google the address and to try to find out if it is something legitimate. And if you are not expecting an email that will prompt you to log into your Microsoft 365 account, don’t enter your details on just any attachment. You should also always make sure that you are running the most up to date version of whatever antivirus programme you have installed.
*
At 24/4 IT Services, we provide a range of general and specialist services to our clients, including IT security solutions. If you need to relook at your IT security setup, you can contact our team today to request a quotation or a consultation.