Microsoft’s newly updated sign-in pages have already been imitated in phishing campaigns by attackers. The sign-in page update was created in an attempt to lower the bandwidth requirements of the pre-existing Azure AD sign-in pages. Additionally, it allowed Microsoft users to more easily determine whether they were the potential victims of outdated phishing tools. The Azure AD sign-in experience was updated at the end of February and released to consumers the first week in April, yet attackers have found ways to spoof these new pages.
Office 365 ATP data shows that within the short three months since the release, attackers implemented numerous phishing campaigns that incorporated the updated sign-in pages. Consumers should be aware of how quickly old threats can be modified into new ones. Specifically, Microsoft users should be on the lookout for any business emails delivered with the subject line ‘Business Document Received’ that contain PDF attachments. When recipients attempt to ‘Access Document’, they are redirected to a phishing landing page that perfectly mimics the new Azure AD sign-in page design. Azure AD and Microsoft 365 users should remain on constant alert for new threats to their personal information.
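
As an added illustration (not Microsoft's code or part of the original report), a mail-triage check for the lure described above could look like the following. It flags messages whose subject contains "Business Document Received" and that carry a PDF attachment. The function names, addresses and sample messages are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject line reported on this page; matched case- and whitespace-insensitively.
LURE_SUBJECT = "business document received"

def normalized_subject(msg):
    # policy.default decodes RFC 2047 encoded-words in the Subject header.
    subject = str(msg.get("Subject", ""))
    return re.sub(r"\s+", " ", subject).strip().lower()

def pdf_attachments(msg):
    # A part counts as a PDF by MIME type or by file extension, since either
    # one may be missing or mislabelled in real mail.
    names = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        is_pdf_type = part.get_content_type() == "application/pdf"
        if is_pdf_type or filename.lower().endswith(".pdf"):
            names.append(filename or "(unnamed)")
    return names

def matches_lure(raw_bytes):
    """Return (flagged, pdf_names) for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    pdfs = pdf_attachments(msg)
    return LURE_SUBJECT in normalized_subject(msg) and bool(pdfs), pdfs

def build_sample(subject, attach_pdf):
    # Constructed sample message, used only to exercise the check offline.
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please review the attached document.")
    if attach_pdf:
        msg.add_attachment(b"%PDF-1.4 constructed sample",
                           maintype="application", subtype="pdf",
                           filename="document.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for subject, pdf in [("Business Document Received", True),
                         ("Business Document Received", False),
                         ("Quarterly report", True)]:
        print(subject, pdf, matches_lure(build_sample(subject, pdf)))
```

A match is a triage signal for review, not proof of phishing, and a campaign that changes its subject line will not be caught by this check.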