Microsoft 365 users need to be on their guard — new phishing campaign could cause some serious damage, and it’s being offered for sale for barely nothing to lure new criminals in

Greatness phishing kit comes with quite a few bells and whistles

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new report from Trustwave cybersecurity researchers SpiderLabs has claimed hackers are increasingly turning to the Greatnessphishingkit due to its advanced features, simplicity in use, and relatively low cost.

Greatness was developed by a threat actor going by the alias “fisherstell” and has been available since mid-2022, primarily targetingMicrosoft365office softwareusers.

Other hackers can rent the tool to get everything they need to launch a successful phishing campaign - from email generation, to anti-detection measures, to an active community happy to help.

Bypassing MFA

Bypassing MFA

To purchase a license, hackers would need to go to the tool’s Telegram channel and pay $120 a month, in Bitcoin. After that, they get customizable email elements where they can tweak sender names, email addresses, subjects, messages, attachments, and QR codes. They can also use features such as randomizing headers, encoding, and other obfuscation techniques aimed at bypassing email security filters and making it into the victims’ inboxes.

While all of the features probably sound enticing, it’s the price that makes all the difference, Trustwave hints. “This signifies the widening availability for anyone to launch phishing campaigns with a minimal charge of $120 per month in Bitcoin, lowering the barrier of entry for cybercrime,” the companysaid.

The kit is designed to target Microsoft 365 accounts credentials. It can even bypass multi-factor authentication (MFA) solutions, by asking victims for the codes sent to their phones and email addresses. Finally, the usernames and passwords that get extracted via this phishing attack get sent to the attackers through Telegram, once again.

To remain secure, Microsoft 365 users are advised to be careful when reading and reacting to emails, especially those that carry a sense of urgency (pending transaction, returning parcel, salary inquiries, etc.), or attachments which could bemalware.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

The M4 Mac mini has removable, modular storage – and an important SSD upgrade