Security researchers from Cloudflare have uncovered a sophisticated phishing technique that leverages trusted email protection tools to steal Microsoft 365 credentials.
By abusing link-wrapping services—commonly used by enterprises to scan and secure URLs—attackers are successfully disguising malicious links and bypassing traditional security filters.
The method begins with phishing URLs being shortened using public URL shorteners. These shortened links are then passed through legitimate link-wrapping systems, which are designed to rewrite URLs to make them appear safe. The final wrapped link is delivered via email and often appears to originate from a trusted domain, encouraging recipients to click without hesitation.
Once clicked, the link redirects the user through multiple stages before landing on a fake Microsoft 365 login page. These pages are designed to mimic legitimate login portals, capturing user credentials as soon as they are entered. The phishing messages typically pose as voicemail alerts or shared file notifications to increase urgency and credibility.
Because the phishing links are wrapped by reputable services, email filters often fail to detect them as threats. This makes the attack particularly effective, as users and automated systems alike are more likely to trust the source of the email.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
