Microsoft has warned users that a new phishing campaign is trying to steal their credentials. It uses the name “Microsoft Credentials Collection” and attempts to trick users into installing a malicious tool that can steal credentials.
This new phishing campaign, which has been hurting numerous organizations, is targeting IT professionals, such as Microsoft and Microsoft partners. As part of the scam, hackers pose as Microsoft employees and ask potential victims for their credentials. The attackers' goal is to retrieve sensitive data, such as email and billing usernames and passwords for services like Hotmail and Live.com, and to gain access to the victims' accounts and networks.
- Microsoft is issuing a warning to its customers, urging them to take urgent steps to protect themselves.
- The Microsoft 365 Defender Threat Intelligence Team has identified a new phishing effort.
- Attackers pair open redirector URLs with social engineering baits that imitate well-known productivity tools.
- Hackers utilize Google reCAPTCHA to prevent any dynamic scanning efforts, making everything seem normal.
The Redmond-based tech firm sent a warning to all of its users, encouraging them to take the necessary precautions to be safe.
Experts have been monitoring a massive credential-phishing effort based on open redirector URLs, and the company also claims that it can protect against such attacks.
This is only one of many such methods tried by hostile third parties in recent months, so we should take this warning seriously and do all we can to safeguard our sensitive data.
Microsoft warns users about a new phishing scam.
Although email redirect links are an important tool for sending users to third-party websites, tracking click rates, and determining the effectiveness of sales and marketing efforts, the same mechanism can be put to other uses.
An open redirect occurs when a web application enables a user-supplied URL to be included in an HTTP parameter, causing the HTTP request to be redirected to the referenced resource.
Attackers may use the same approach to redirect such links to their own infrastructure while keeping the trusted domain intact in the full URL.
This allows them to evade detection by anti-malware engines, and the link still looks trustworthy even when users hover over it to look for anything suspicious.
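On the application side, the open redirect described above is closed by validating the redirect parameter before it is used. The following is an added example, not code from Microsoft or from the original article; the function name, the allow-listed hosts and the sample targets are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allow-list: the only hosts this application may redirect to.
ALLOWED_HOSTS = frozenset({"www.example.com", "shop.example.com"})


def safe_redirect_target(target, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return `target` if it is safe to redirect to, otherwise `fallback`."""
    # Browsers treat "\" like "/" and drop tabs and newlines, so reject such
    # input instead of guessing how a client will normalise it.
    if not target or "\\" in target or any(ord(c) <= 0x20 for c in target):
        return fallback
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. unbalanced brackets
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a same-site path. A leading "//"
        # (or "///") is read by browsers as the start of a host name.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    # Absolute URL: HTTPS only, and the parsed host must match exactly.
    # Using .hostname ignores any "user@" prefix placed before the real host.
    host = (parts.hostname or "").lower()
    if parts.scheme == "https" and host in allowed_hosts:
        return target
    return fallback


if __name__ == "__main__":
    # Constructed inputs; the .xyz name is a made-up placeholder.
    for t in ["/account", "https://shop.example.com/cart",
              "//sample-landing-a.xyz/", "https://www.example.com@sample-landing-a.xyz/"]:
        print(repr(t), "->", safe_redirect_target(t))
```

Comparing the parsed host against an exact allow-list, rather than checking that the string starts with or contains a trusted domain, is what defeats look-alike values such as `www.example.com.sample-landing-a.xyz`.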
In a comprehensive blog post, the Microsoft 365 Defender Threat Intelligence Team expanded on this topic and described how these attacks are carried out.
To trick people into clicking, attackers combine these URLs with social engineering baits that imitate well-known productivity tools and services. This triggers a sequence of redirections, including a CAPTCHA verification page that adds credibility and tries to avoid certain automated analysis systems, before redirecting the visitor to a bogus sign-in page. Credential compromise occurs as a result, exposing the user and their organization to further attacks.
The redirect URLs included in the message are set up using a legitimate service in order to lead prospective victims to phishing sites.
The final actor-controlled domains in the chain use top-level domains like .xyz, .club, .shop, and .online, but they’re supplied as parameters to get around email gateways.
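One way a mail-filtering or log-review job could surface the pattern described above, where the final domain rides along as a query parameter on a trusted redirector. This is an added example, not code from Microsoft or from the original article; the function name and the sample links are constructed for illustration, and the TLD list is the one the article gives.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# TLDs the article names for the final actor-controlled domains.
SUSPECT_TLDS = {"xyz", "club", "shop", "online"}


def find_embedded_redirects(link):
    """Return one finding per query parameter that carries an absolute URL
    pointing at a different host than the link itself."""
    outer = urlsplit(link)
    outer_host = (outer.hostname or "").lower()
    findings = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        # parse_qsl percent-decodes once; decode again to catch double encoding.
        candidate = unquote(value).strip()
        if candidate.startswith("//"):  # scheme-relative target
            candidate = "https:" + candidate
        try:
            inner = urlsplit(candidate)
        except ValueError:  # malformed host, e.g. unbalanced brackets
            continue
        host = (inner.hostname or "").lower()
        if inner.scheme not in ("http", "https") or not host or host == outer_host:
            continue
        findings.append({
            "param": name,
            "target_host": host,
            "suspect_tld": host.rsplit(".", 1)[-1] in SUSPECT_TLDS,
        })
    return findings


# Constructed sample links (not taken from the campaign).
SAMPLES = [
    "https://t.mailer.example/track?cid=42&url=https%3A%2F%2Fsample-landing-a.xyz%2Fo365",
    "https://t.mailer.example/r?u=https%253A%252F%252Fsample-landing-b.club%252Fjoin",
    "https://www.example.com/login?next=https%3A%2F%2Fwww.example.com%2Fhome",
    "https://www.example.com/search?q=phishing&page=2",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", find_embedded_redirects(link))
```

A cross-host finding alone is common in legitimate marketing mail, so the `suspect_tld` flag is best treated as one signal to combine with sender reputation and lure content rather than as a verdict.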
Microsoft identified at least 350 distinct phishing sites used as part of the campaign.
The most successful weapon hackers have is convincing social engineering lures that seem to be notifications from applications like Office 365 and Zoom, as well as a well-crafted detection evasion method and a long-lasting infrastructure to carry out the attacks.
To add to the attack’s legitimacy, visitors who click the specially-crafted link are sent to a malicious landing page that uses Google reCAPTCHA to prevent any dynamic scanning efforts.
After passing the CAPTCHA verification, the victims are sent to a fake Microsoft Office 365 login page, which swipes their credentials as soon as they enter the information.
If the victim inputs a password, the website will reload with an error message stating that the session has expired and instructing the visitor to re-enter the password.
This is a data validation procedure similar to the double opt-in routine performed by email marketing list providers to verify that they are following spam regulations.
Phishing victims are led to a genuine Sophos security website, which falsely claims that the email message they were instructed to obtain has been released.
We can go ahead and take immediate necessary action now that we are aware of the threat, lowering the chance of becoming another statistic in this cyberwar.
Are you doing all you can to avoid falling victim to phishing scams? Please share your thoughts in the comments area below.