Microsoft Office has become a major target for cybercriminals in recent months. You need a Microsoft Account to log in to Office, and stolen accounts can be used by hackers to lock you out of your PC or access your email and cloud storage.
Malicious Office documents can also be used to hack your computer. By exploiting security flaws in the app, hackers can access your computer remotely and plant more malware. Tap or click here to see how to protect yourself from malicious documents.
One of the most common ways cybercriminals crack your Microsoft Account is through fake websites that look like Microsoft owns them. Anti-phishing software is getting better at detecting them, so scammers are implementing a sneaky new tactic to trap more victims.
Scammers are inverting colors on landing pages to evade detection
Anti-phishing tech is getting better at stopping phishing sites before they have a chance to trick victims. These web crawlers use image recognition software to flag malicious sites and block them, but a new phishing campaign uses a creative way to stay undetected.
Researchers from WMC Global Analysis have discovered a Microsoft Office phishing campaign that uses color inversion to dodge image recognition software. The campaign mimics a legitimate Microsoft Account login page but flips colors to negative to avoid matching known patterns.
This sounds like it would make the pages easier for victims to spot, but scammers have another trick up their sleeves. They also use a CSS code over the website to flip colors back to normal without victims noticing. CSS is a type of style sheet or code used by web designers to change a website’s appearance.
Recent updates to Microsoft Office have changed the login background look, but scammers thought of that, too. WMC Global Analysis discovered that the same threat actors are using a version of their landing page with the new background.
If I can’t tell that the background image is inverted, how can I protect myself?
To stay safe from this scam, you have to use the same precautions you’d use with any other phishing site. Watch for red flags and follow these tips to avoid getting tricked:
- The most common Office phishing scams trap victims through email links. Avoid opening emails from unknown senders and always check the URLs and sender fields closely. Be cautious even if the email claims to be from Microsoft.
- Avoid clicking on links inside emails. If you’re browsing the web, stick to familiar websites and avoid wandering off the beaten trail. Random websites should not be asking you to log into your Microsoft Account.
- Avoid opening attachments sent by email — especially Office documents. If an email with an attachment looks like it was sent from someone you know, confirm that they actually sent it.
- Use strong passwords without including personal information or common words. Never reuse a password between your other accounts. Tap or click here to see how to create better passwords.
- Enable two-factor authentication for any account that supports it. Tap or click here to see how to set up 2FA for your frequently used online accounts.
- If you believe an Office phishing scam has already victimized you, follow Microsoft’s guide here to recover your account.
As realistic as these phishing sites look, they tend to appear in places they have no business, like through random email links or pop-up ads. If you stay cautious and avoid sharing your login carelessly, your account will be safe. These scams can only hurt you if you fall for them.