1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • These dangerous phishing attacks are more common than ever - here

    From TechnologyDaily@1337:1/100 to All on Wed May 10 17:00:04 2023
    These dangerous phishing attacks are more common than ever - here's what you need to know

    Date:
    Wed, 10 May 2023 15:51:50 +0000

    Description:
    Phishing with man-in-the-middle attacks are getting popular as they allow attackers to bypass MFA.

    FULL STORY ======================================================================

    Phishing campaigns, in combination with man-in-the-middle attacks, are extremely potent, and as such their popularity among criminals is surging.

    This is according to a new report from Cofense, which found instead of just one fake login page where theyd steal the credentials, the threat actors are luring victims to web servers capable of brokering the entire authentication process.

    That means, should the victim fall for the deception, theyd give the
    attackers more than just their login information (username and passwords ) - theyd also give them session cookies and thus allow them to bypass multi-factor authentication (MFA). Phishing threat

    With that in mind, the number of phishing emails reaching peoples inboxes
    grew by more than a third (35%) between Q1 2022 and Q1 2023. Of all the man-in-the-middle credential phishing attacks that reached peoples inboxes, almost all (94%) targeted Office 365 authentication.

    Finally, nine in ten (89%) of campaigns used at least one URL redirect, while 55% used two, or more.

    While these malicious landing pages might look almost identical to the authentic ones, there are some things the attackers simply cant copy. Employees should be aware of these things, and always keep them in mind
    before logging in anywhere - especially if the login link came from an email or a social media message. Read more

    Google is killing off passwords in favor of something new - here's what you
    need to know


    Everything you need to know about phishing


    Here's our list of the best firewalls around

    The easiest way to determine if the landing page is malicious is to take a closer look at the URL. The threat actors will try and get the URL to be as close to the original as possible, so look for any suspicious words, typos,
    or similar. Another way to determine if a landing page is after your
    sensitive data is to inspect the website certificate, as these are authorized by a certificate authority. Users should look for the padlock icon in the web browser, as that indicates the validity of the certificate and the security
    of the connection between the browser and the destination.

    The common name in the certificate of the legitimate website is microsoftonline.com. The common name in the certificate from the man-in-the-middle server has nothing to do with Microsoft at all, the researchers concluded. Check out the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/these-dangerous-phishing-attacks-are-more-commo n-than-ever-heres-what-you-need-to-know


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)