Microsoft Office 365 phishing avoids detection with Lego HTML parts
A recent phishing campaign used a smart trick to deliver the fraudulent webpage that collects Microsoft Office 365 credentials by building it from pieces of HTML code stored locally and remotely.
Hidden building blocks
Victims received an email with just an attachment claiming to be an Excel (.XLSX) file about an investment. In reality, the file is an HTML document with a piece of URL encoded text.
In one, the researchers found the start of the phishing page and code that validates the victim’s email and password.