From darkreading.com
Thousands of Microsoft 365 credentials have been discovered stored in plaintext on phishing servers, as part of an unusual, targeted credential-harvesting campaign against real estate professionals. The attacks showcase the growing, evolving risk that traditional username-password combinations present, researchers say, especially as phishing continues to grow in sophistication, evading basic email security.
Researchers from Ironscales discovered the offensive, in which cyberattackers posed as employees at two well-known financial-services vendors in the realty space: First American Financial Corp., and United Wholesale Mortgage. The cybercrooks are using the accounts to send out phishing emails to realtors, real estate lawyers, title agents, and buyers and sellers, analysts said, in an attempt to steer them to spoofed Microsoft 365 login pages for capturing credentials.