1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hackers are using this classic technique to hijack Microsoft 365

    From TechnologyDaily@1337:1/100 to All on Mon Aug 8 15:15:04 2022
    Hackers are using this classic technique to hijack Microsoft 365 accounts

    Date:
    Mon, 08 Aug 2022 13:56:14 +0000

    Description:
    Crooks are redirecting people from Snapchat and American Express to phishing landing pages.

    FULL STORY ======================================================================

    Open redirects, a classic weakness found in many of the worlds biggest web pages, are reportedly being used to steal login credentials for Microsoft 365 accounts.

    According to experts from security firm Inky, the method was used to send
    more than 6,800 phishing emails from Google Workspace, posing as Snapchat, in the last two and a half months. As for American Express, the team identified more than 2,000 phishing emails.

    Identity theft is one of the more popular cybercriminal activities, as the data can be successfully leveraged for other forms of fraud. AmEx moves fast, Snapchat lags

    Open redirects allow threat actors to use other peoples domains and websites as temporary landing pages, before sending the victims to the phishing page. That way, when the attacker sends a phishing email, the link in the emails body might look legitimate, further encouraging people to click.

    "Since the first domain name in the manipulated link is in fact the original site's, the link may appear safe to the casual observer," Inky says. "The trusted domain (e.g., American Express, Snapchat) acts as a temporary landing page before the surfer is redirected to a malicious site."

    After learning about the flaw, American Express took only a few days to patch things up, while Snapchat, although notified by the researchers more than a year ago, is yet to fix the issue. Read more

    These are the best endpoint protection services right now


    What is phishing and how dangerous is it?


    Everything you need to know about phishing

    "In both the Snapchat and the American Express exploits, the black hats inserted personally identifiable information (PII) into the URL so that the malicious landing pages could be customized on the fly for the individual victims," Inky added. "And in both, this insertion was disguised by
    converting it to Base 64 to make it look like a bunch of random characters."

    While the links may look legitimate, there is a way to spot the fraud, Inky explains. When a user receives such an email, they should inspect the hyperlink for things such as "url=," "redirect=," "external-link," or "proxy" strings or multiple occurrences of "HTTP", as these will likely show that its a redirect.

    Website owners should also set up redirection disclaimers, forcing users to click before being redirected to external sites. These are the best security keys right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/hackers-are-using-this-classic-technique-to-hij ack-microsoft-365-accounts/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)