Credential harvesting is one of the most popular forms of attack out there. It's simple. Get a user to click on a link. At the link, get them to enter their information. Boom: stolen credentials.

The attack below is a fairly straightforward credential harvesting attack. What's interesting is that while it takes the end user to a Microsoft login page, the attack itself is missed by Google.

Here's what it looks like:


Should the user click on the HTML file, they'll get directed to this spoofed Microsoft login page:

A number of checks failed when analyzing this email:


