Proofpoint impersonator steal Microsoft, Google logins in phishing campaign
Clever hackers dodged Microsoft security by pretending to be a cyber security firm


Hackers impersonating cyber security company Proofpoint have launched a new phishing campaign targeting victims’ Microsoft and Google email credentials.
Researchers at Armorblox discovered emails claiming to contain a secure file sent via Proofpoint as a link. The problem was spotted at an unnamed global communications company with around 1,000 mailboxes at risk from the scam.
“Clicking the link took victims to a splash page that spoofed Proofpoint branding and contained login links for different email providers. The attack included dedicated login page spoofs for Microsoft and Google,” said researchers.
The email’s subject line was “RE: Payoff Request” and claimed to contain a mortgage-related file sent via Proofpoint along with an email footer exhorting the importance of confidentiality. Researchers said that adding “RE” to the email title is a tactic we have observed scammers using before — this signifies an ongoing conversation and might make victims click the email faster.
After clicking the pretend “secure” email link in the email, victims would then see a web page with the Proofpoint logo and spoofed login buttons for Google, Outlook, and Office 365.
“Clicking on the Google and Office 365 buttons led to dedicated spoofed login flows for Google and Microsoft, respectively. Both flows asked for the victim’s email address and password,” said researchers.
These pages were hosted the “greenleafproperties[.]co[.]uk” parent domain. The domain’s WhoIs record shows it was last updated in April 2021, according to researchers. They added the URL currently redirects to “cvgproperties[.]co[.]uk”.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
RELATED RESOURCE
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email security
“The barebones website with questionable marketing increases the possibility that this is a dummy site,” researchers said.
According to researchers, phishing emails replicate existing workflows within organizations. “When we see emails, we’ve already seen before, our brains tend to employ System 1 thinking and take quick action,” they added.
The email managed to get past Microsoft email security, according to researchers. “This email had a Spam Confidence Level (SCL) score of 1, which means Microsoft determined the email was not spam,” said researchers.
Researchers recommended users subject any email to an eye test that includes inspecting the sender's name and email address, the language within the email, and any logical inconsistencies. They also recommended organizations deploy multi-factor authentication (MFA) on all business and personal accounts.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
The state of email security 2023
Whitepaper Cyber risk commands the C-Suite's focus
By ITPro
-
Cloudflare enters the email security business
News New email routing and DNS Wizard capabilities make email management a breeze
By Praharsha Anand
-
Microsoft Outlook shows real contact details in some phishing emails
News Homograph attacks fool Microsoft's email software, researchers find
By Danny Bradbury
-
DuckDuckGo launches email privacy service
News The private search company will mask user addresses and remove email trackers
By Danny Bradbury
-
IT Pro Live: Adapting security to the 'new normal'
Sponsored Darktrace director Mariana Pereira explains how businesses can ensure they're well-defended
By IT Pro
-
What is PGP?
In-depth If you’re looking for a pretty good encryption standard, there are worse places to start
By Connor Jones
-
How to restore Outlook emails
Tutorials Knowing how to restore Outlook emails can save a lot of time and hassle for users
By Clare Hopping
-
Cancer scare hoax email hits thousands
News Sick message could plant virus on computer instead
By Rene Millman