Microsoft 365 accounts are being targeted by new email scams
Date:
Thu, 25 Aug 2022 13:01:28 +0000
Description:
Attackers are using compromised email accounts to divert payments to their bank accounts.
FULL STORY ======================================================================
Cybersecurity experts are warning of a new, widespread business email compromise (BEC) campaign, which seeks to reroute large money transactions to bank accounts belonging to the attackers.
The idea is simple in theory: the attackers first compromise a business email account through phishing. They then land in the inbox and lurk there, monitoring email chains and threads until they identify one where a wire transfer is being planned. When the planning is done, and just before the victim sends the funds, the attacker replies to the email chain asking for the funds to be sent elsewhere, saying the original bank account was frozen due to a financial audit.
The attackers are reportedly stealing several million dollars per incident, and also use typosquatting domains to further trick the victims.
Abusing DocuSign
The campaign was spotted by researchers from Mitiga who were investigating an incident response case.
It all starts with a phishing attack on the victim's business email. Mitiga has found that this email is designed to look as if it's coming from DocuSign, and that it usually carries a button saying "Review Document". Targets that press the button are redirected to a phishing page built to mimic a Windows domain login page. Then, with the assistance of a tool called evilginx2, the attackers are able to steal session cookies and thus bypass multi-factor authentication (MFA).
Stealing session cookies to bypass MFA is not a novel practice, and businesses have started countering it by shortening session lifetimes. It's safer, but not as convenient, as users are required to re-authenticate more often on their endpoints. To get around this, threat actors have started registering additional MFA devices to the compromised accounts, as this move doesn't trigger any notifications.
However, MFA changes on user accounts can be tracked through the Azure Active Directory Audit Logs, the researchers concluded.
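Added example (not part of the original article or Mitiga's research): one way to pull MFA method changes out of exported Azure AD audit log records so each new registration can be reviewed. Assumptions: the records follow the Microsoft Graph directoryAudit field layout, the activity names and the StrongAuthenticationMethod property match your tenant's export, and the rec() helper and all sample data are constructed for illustration.

```python
# Activity names treated as MFA method changes. Assumption: the tenant's audit
# log export uses these display names; adjust to what your export contains.
MFA_ACTIVITIES = {"User registered security info", "Admin registered security info",
                  "User deleted security info"}


def rec(time, activity, upn, ip, result="success", reason="", props=()):
    """Build a constructed record shaped like an Azure AD audit log entry."""
    return {"activityDateTime": time, "activityDisplayName": activity,
            "result": result, "resultReason": reason,
            "initiatedBy": {"user": {"userPrincipalName": upn, "ipAddress": ip}},
            "targetResources": [{"userPrincipalName": upn, "modifiedProperties":
                                 [{"displayName": p} for p in props]}]}


# Constructed sample data: users, addresses, times and reasons are made up.
SAMPLE_LOG = [
    rec("2022-08-01T09:00:00Z", "Update user", "cfo@example.com",
        "198.51.100.7", props=["DisplayName"]),
    rec("2022-08-03T14:12:00Z", "User registered security info",
        "cfo@example.com", "203.0.113.50", reason="Registered authenticator app"),
    rec("2022-08-03T14:10:00Z", "User registered security info",
        "cfo@example.com", "203.0.113.50", result="failure"),
    rec("2022-08-02T08:30:00Z", "Update user", "ap@example.com",
        "192.0.2.10", props=["StrongAuthenticationMethod"]),
]


def is_mfa_change(event):
    """Security-info activity, or an update touching StrongAuthenticationMethod."""
    if event.get("activityDisplayName") in MFA_ACTIVITIES:
        return True
    return any(p.get("displayName") == "StrongAuthenticationMethod"
               for t in event.get("targetResources") or []
               for p in t.get("modifiedProperties") or [])


def mfa_changes(events):
    """Return successful MFA method changes, oldest first, for analyst review."""
    findings = []
    for e in events:
        if e.get("result") == "success" and is_mfa_change(e):
            actor = (e.get("initiatedBy") or {}).get("user") or {}
            target = (e.get("targetResources") or [{}])[0]
            findings.append({"time": e.get("activityDateTime"),
                             "user": target.get("userPrincipalName"),
                             "activity": e.get("activityDisplayName"),
                             "ip": actor.get("ipAddress"),
                             "detail": e.get("resultReason")})
    return sorted(findings, key=lambda f: f["time"] or "")
```

Each finding carries the initiating IP address and timestamp, which can be compared against the user's normal sign-in locations and working hours.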
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/microsoft-365-accounts-are-being-targeted-by-new-email-scams/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)