Friday, May 2, 2025

Hackers Using YouTube Links and Microsoft 365 Themes to Steal Logins


Cybercriminals are executing sophisticated phishing attacks targeting Microsoft 365 users by employing deceptive URLs that closely resemble legitimate O365 domains, creating a high degree of trust with unsuspecting victims. 

The attackers leverage social engineering tactics, often claiming imminent password expiration, to induce panic and pressure users into clicking malicious links. 

Upon clicking, users are redirected to phishing pages designed to steal their O365 credentials, granting attackers unauthorized access to sensitive corporate data and potentially disrupting business operations.


This phishing attack utilizes a deceptive email subject line incorporating the client’s name and a seemingly legitimate security identifier. The email body falsely claims the recipient’s password has expired, creating a sense of urgency. 


It contains a malicious button labeled “Keep [USER EMAIL] Access Active,” designed to redirect the user to a fraudulent website where they are prompted to enter their login credentials, allowing the attacker to steal their sensitive information.

Phishing Lure

Attackers employ social engineering tactics to trick users into clicking malicious links and obfuscate URLs by incorporating seemingly legitimate prefixes like “youtube.com” followed by obfuscation characters or using the “@” symbol to redirect users to malevolent domains while maintaining a facade of legitimacy. 

According to Cyderes, users are compelled to click on the links as a result of this deception, which may put their security at risk.

series of obfuscation characters like %20

The observed malicious activity exhibits several notable indicators. Firstly, embedded URLs heavily utilize “%20”, the URL (percent) encoding of a space, suggesting obfuscation techniques.

Secondly, URLs incorporate the “@” symbol to segment the URL, effectively discarding the preceding portion and treating the subsequent part as the actual domain. 

Finally, the domains employed within these URLs leverage redirectors and standard phishing templates commonly associated with known threat actors such as Tycoon 2FA, Mamba 2FA, and EvilProxy kits. 

In a typical URL structure, everything before the “@” symbol in the authority part is treated as user credentials (userinfo). Browsers are designed to recognize this and send users to the domain after the “@”.

For example, a URL like “youtube.com%20%20%20%20@testing123.net” would redirect users to “testing123.net” even though it appears to be linked to YouTube.

The technique deceives users into trusting the link because it leverages a legitimate service (YouTube in this case) within the URL and users might click the link without double-checking the actual destination.
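A check for the userinfo trick described above, as an added example (not code from the original article or from Cyderes): it resolves the host the way a browser does and flags a domain-like, space-padded userinfo. The function name `inspect_link`, the finding labels and every sample link except the article's `testing123.net` example are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Userinfo that itself looks like a hostname, e.g. "youtube.com"
DOMAIN_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)
HAS_SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def inspect_link(url):
    """Return (real_host, findings) for a link taken from an email body."""
    # The article's example has no scheme; add one so the authority is parsed.
    if not HAS_SCHEME.match(url):
        url = "http://" + url
    parts = urlsplit(url)
    host = parts.hostname or ""          # what the browser actually connects to
    userinfo, at, _ = parts.netloc.rpartition("@")
    findings = []
    if at:
        findings.append("userinfo-present")
        decoded = unquote(userinfo)      # "%20" -> " "
        if re.search(r"\s", decoded):
            findings.append("padded-userinfo")
        decoy = decoded.split(":")[0].strip().lower()
        if DOMAIN_LIKE.match(decoy) and decoy != host:
            findings.append("decoy-domain:" + decoy)
    return host, findings

# Constructed sample links; only the first comes from the article.
SAMPLES = [
    "youtube.com%20%20%20%20@testing123.net",
    "https://www.youtube.com/watch?v=abc",
    "https://example.org/profile/@alice",        # "@" in the path is harmless
    "ftp://backup:secret@files.example.org/",    # plain credentials, no decoy
]

if __name__ == "__main__":
    for link in SAMPLES:
        host, findings = inspect_link(link)
        print(f"{link!r} -> host={host} findings={findings}")
```

A mail gateway or triage script would treat `decoy-domain` combined with `padded-userinfo` as high confidence, while `userinfo-present` alone is only worth a closer look.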

Phishing emails often contain IOCs such as suspicious URLs and subject lines; here these include a phishing URL with the domain globaltouchmassage.net and a subject line mentioning “ACTION Required – [Client] Server SecurityID:[random string]”.

To mitigate phishing risks, educate users to inspect URLs for unusual characters and be wary of urgent emails about passwords or accounts. Deploy URL filtering and blocklists to catch suspicious domains, and use sandbox tools to analyze suspicious links safely.


Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.
