Phishing for Office 365 credentials in images


Modern antiphishing and antispam solutions increasingly draw on a variety of machine-learning technologies. Using neural networks to analyze text makes them hard to fool, so attackers have turned to a simple but effective trick: placing the text in a picture. They then embed the image in a message body using Base64 encoding (typically, images in e-mail messages are hosted on an external website, and mail clients don’t load pictures in letters from outside the company). Most such letters are after users’ Microsoft Office 365 credentials.

Read more…