Outlook Web Access joins other webmail services as target.
Cloud storage services are being subjected to a phishing campaign in which hackers seek to steal people’s login details, according to the security vendor Proofpoint.
Users of Google Apps are allegedly under particular threat from the attackers, who have created spoof websites that plausibly mimic the legitimate services, enticing victims with the offer of annuities advice.
"Credential phishing remains a popular technique by malware campaigners, with Outlook Web Access credentials joining other webmail accounts as a frequent target," Proofpoint said, writing on the company’s blog.
"As the use of cloud-based documents becomes more and more widespread, phishing campaigners have also been leveraging this behavior as a lure for their messages, with some benefits for their credibility and effectiveness."
The spoof pages closely match the services they are trying to mimic, with the lack of a secure HTTPS connection and a different URL warning the careful user that something is wrong.
As part of the web page’s functionality users also appear to be offered the option to put in their credentials for Yahoo, Hotmail, AOL and any "other" email provider, a service not offered on any of the legitimate providers’ websites.
Once the details have been put in the victim even appears to log in to the service, and is presented with the document.
"This technique reduces the risk that a user will realise right away that something was amiss and gives the attackers more time to make use of the stolen credentials," Proofpoint said.
After an account has been accessed the hackers also steal the person’s contact list, which enables them to enact further fraudulent phishing attacks.
"Buying even a few hours gives the attackers more than enough time to leverage the victim’s stolen credentials to deliver the next round of messages," the company said.