Phishing is not a new term in the world of cybersecurity and cybercrime. During the Covid-19 pandemic, there have been several reports of phishing scams around the world. But recently, there have been reports of a phishing campaign to steal login credentials from Office 365 users. Office 365 is a product of Microsoft, which collaborates all the Microsoft Office tools online.
The phishing attackers have found a new and innovative way to avoid detection of their attacks. Authenticated users are directed to fake login pages from wherein the attackers can extract all login credentials that the user types into the page. The reason why these attackers have avoided detection is the simple process using which they had inverted the image present on the background. In recent times, such inverted images are used as a part of a phishing toolkit, firstly to replicate the original login pages as closely as possible, and secondly, to extract login credentials from unsuspecting users by making them fill up a fake login form.
As image recognition software is becoming more and more advanced, more and more techniques are coming up so as to avoid detection from such software. The latest innovation was to invert the image colors so that the hash code that makes up the original images differs very slightly from the original image. This makes the inverted images very hard to trace. Using this method, these phishing attackers manipulate unsuspecting users into giving their login credentials to the attackers.