Hackers Exploit Microsoft Copilot for Advanced Phishing Attacks

Hackers have been targeting Microsoft Copilot, a newly launched Generative AI assistant, to carry out sophisticated phishing attacks.

This campaign highlights the risks associated with the widespread adoption of Microsoft services and the challenges that come with introducing new technologies to employees, as per a report by Cofense.

Microsoft Copilot, similar to OpenAI’s ChatGPT, is designed to assist users with tasks such as transcribing emails and drafting documents in Microsoft Word.

[Image: Email Body]

However, its novelty has created an environment where employees may not be fully familiar with its features, making them more susceptible to phishing attempts.

The Phishing Campaign

  1. Invoice Spoofing: Hackers send spoofed emails that appear to come from “Co-pilot,” often with fake invoices for services. Since Copilot is relatively new, employees may be unsure about their financial obligations, increasing the likelihood of interaction with these malicious emails. The emails are designed to closely resemble official communication, making it difficult for users to discern their legitimacy.
     [Image: Welcome Page]
  2. Sign-in Page Spoofing: Upon clicking the link in the email, users are directed to a fake sign-in page that mirrors the layout of Microsoft Copilot. This page is designed to lead users to believe they are accessing a payment dashboard, further convincing them that the process is legitimate. However, the URL reveals the page is not hosted on a genuine Microsoft domain, but rather on a domain like “ubpages.com.”
     [Image: Phishing Page]
  3. Credential Harvesting: The phishing site then prompts users for their login credentials in a convincing manner, using extensive Microsoft branding to legitimize the experience. A key indicator of fraud is the lack of a password recovery option, as threat actors cannot facilitate legitimate password resets.
  4. Multi-factor Authentication Spoofing: After the credentials are entered, users are redirected to a fake Microsoft Authenticator multi-factor authentication (MFA) page. This serves to delay the user, potentially allowing the threat actors time to exploit the stolen credentials before they can be changed.
     [Image: Authentication Page]
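
The URL indicator from the sign-in spoofing step can be checked automatically at the mail gateway or in triage. The following is an added example, not code from the Cofense report or this article: it flags links in a message that claims Copilot or Microsoft branding but points outside Microsoft-owned domains. The allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: illustrative, non-exhaustive allowlist of Microsoft-owned domains.
TRUSTED_SUFFIXES = ("microsoft.com", "microsoftonline.com", "office.com", "live.com")
BRAND_WORDS = ("copilot", "co-pilot", "microsoft")

# Constructed sample message (not a captured email from the campaign).
SAMPLE = """From: "Co-pilot" <billing@mail.example>
Subject: Your invoice is ready
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>View your invoice:</p>
<a href="https://ubpages.com/constructed-path">Open dashboard</a>
<a href="https://www.microsoft.com/privacy">Privacy</a>
<a href="https://microsoft.com.login.example/signin">Sign in</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_trusted(host):
    # Match the registered domain as a suffix on a label boundary, so that
    # "microsoft.com.login.example" and "notmicrosoft.com" do not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_links(raw_message):
    msg = email.message_from_string(raw_message, policy=policy.default)
    claimed = f"{msg['From'] or ''} {msg['Subject'] or ''}".lower()
    if not any(w in claimed for w in BRAND_WORDS):
        return []  # message does not claim the brand; out of scope here
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    urls = [u for u in collector.hrefs if urlsplit(u).scheme in ("http", "https")]
    return [u for u in urls if not is_trusted(urlsplit(u).hostname)]

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```

A substring test such as `"microsoft.com" in url` would accept the third link in the sample; comparing the parsed hostname against the allowlist on a label boundary is what rejects it.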

To combat these threats, companies need to educate employees about their use of new services like Microsoft Copilot.

This includes communicating whether these services are provided free of charge or will incur costs.

IT departments should distribute guidance that includes visual examples of legitimate communications to help employees identify potential phishing attempts.

By ensuring that employees are well-informed and aware of the official communications they should expect from Microsoft, workplaces can significantly reduce the risk of falling prey to such sophisticated phishing attacks.

As technology continues to evolve and incorporate more AI tools, vigilance and education are critical components in maintaining digital security.

The exploitation of Microsoft Copilot by hackers underscores the importance of keeping employees informed about the tools and services they use.

As businesses adopt more advanced technologies, they must also prioritize cybersecurity education to protect against emerging threats.

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
