GRF Highlights Office 365 Credential Harvesting Campaigns in Fifth Bimonthly Report

RESTON, VA – June 19, 2018 – Global Resilience Federation has released its fifth bimonthly report in a series that covers trending threats in cyber and physical security.

The fifth report outlines and analyzes Office 365 credential harvesting campaigns, detailing common campaign stages and mitigating best practices. This is the latest report from GRF, a provider of support to ISACs and ISAOs which work to protect member organizations against cyber and physical risks.

As more businesses migrate to enterprise level online services, threat actors have adapted by combining professional-seeming phishing emails with credential harvesting landing pages that mimic legitimate login portals. By not leveraging malware, threat actors are more able to bypass organizations' security filters. This attack method has increased in frequency and can be leveraged for Business Email Compromise scams for financial gain or theft of intellectual property, among other concerns.

GRF affiliated communities receive detailed information and analysis on timely topics in the bimonthly TLP Amber reports. When a report topic is selected, GRF staff investigate significant open source events, provide custom analysis, and compile detailed data and intelligence from member communities. The final product offers a unique set of industry perspectives on a trending security issue.

Outside organizations interested in this report may request a redacted TLP White copy through the contact page on Please request using a business email address.


Global Resilience Federation (GRF) is a non-profit hub for support, analysis, and multi-industry intelligence exchange between ISACs and ISAOs, each of which facilitates cyber and/or physical intelligence sharing. GRF’s mission is to help assure the resilience of critical and vital infrastructure against threats that could significantly impact the orderly functioning of the global economy. GRF members include Financial Services ISAC, Legal Services ISAO, Energy Analytic Security Exchange, Multi-State ISAC, National Retail Federation's Retail ISAO and Retail Cyber Intelligence Sharing Center, among others. GRF is also engaged with CERTs and other bodies around the world that seek to protect certain regions and industries. Formerly the Sector Services division of FS-ISAC, GRF was created as an independent non-profit organization in May 2017. Learn more at or by visiting @GRFederation on Twitter.

Chad McAuslin