1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft warns of elaborate new cybercrime scheme to steal your

    From TechnologyDaily@1337:1/100 to All on Fri Aug 27 17:00:04 2021
    Microsoft warns of elaborate new cybercrime scheme to steal your login details

    Date:
    Fri, 27 Aug 2021 15:41:12 +0000

    Description:
    An intricate phishing campaign combines several tools of the trade to trick users into revealing their credentials.

    FULL STORY ======================================================================

    Cybersecurity researchers at Microsoft have shared details of a
    comprehensive credential phishing campaign that uses open redirector links to lure users into clicking.

    Legitimate sales and marketing campaigns often rely on open redirects to
    track click rates and lead customers to a particular landing page.

    However, attackers could abuse open redirects to link to a URL in a trusted domain and embed the eventual final malicious URL as a parameter. Such abuse may prevent users and security solutions from quickly recognizing possible malicious intent, warn the researchers . Heres our list of the best password managers Weve also rounded up the best security keys Shield yourself with these best identity theft protection services

    While the abuse of open redirects isnt a novel approach, the attackers in the current campaign combine these links with social engineering tricks by impersonating popular tools and services to trick users to click the fake links. Hook, line, and sinker

    Unraveling the details of the campaign, the researchers say that the links lead to not one, but several redirects, and even throw a Captcha verification page, in a bid to fool users into thinking that the page is above-board.

    Once the users answer the Captcha, the attackers take them to the fake
    sign-in page of a legitimate service.

    The researchers suggest that phishing attacks make use of open redirects because a casual inspection of the URL from inside an email client will display a trustworthy domain name , encouraging users to click the link.

    Likewise, traditional email gateway solutions may inadvertently allow emails from this campaign to pass through because their settings have been trained
    to recognize the primary URL without necessarily checking the malicious parameters hiding in plain sight, reason the researchers.

    Another aspect of the campaign that shows the commitment of the threat actors behind it, is that it relies on a huge number of domains, at least 350 unique ones, which is another attempt at evading detection. These are the best data loss prevention services



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-warns-of-elaborate-new-cybercrime-sch eme-to-steal-your-login-details/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)