Cybercriminals like to subvert legitimate online services like Google Docs and Dropbox to carry out their malicious activities.

The free website hosting company Wix is the latest addition to the list of services they’ve abused.Researchers from security company Cyren found that scammers were creating phishing sites designed to harvest Office 365 login credentials via Wix, which offers a simple click-and-drag editor for building web pages.

As typically happens with free services, the criminals are taking advantage of these tools to carry out their operations.[ 4 top disaster recovery packages compared. | Backup and recovery tools: Users identify the good, bad, and ugly. ]
The phishing site looks like a new browser window open to an Office 365 login page.
In fact, it’s a screenshot of an Office 365 login page with editable fields overlaid on the image. Users would think the site is legitimate and enter the login credentials, except the information is entered into the fields on the overlay and not the actual Office 365 page.To read this article in full or to leave a comment, please click here

Leave a Reply