cua cà mau cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau cua cà mau cua tươi sống cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau
Skip to main content

Hackers have found a way to log into your Microsoft email account

Account holders for Microsoft email services are being targeted in a phishing campaign, according to security researchers from Zscaler’s ThreatLabz group.

The objective behind the threat actors’ efforts is believed to be the breaching of corporate accounts in order to perform business email compromise (BEC) attacks.

A large monitor displaying a security hacking breach warning.
Stock Depot / Getty Images

As reported by Bleeping Computer, BEC-based activity would see payments being redirected toward hackers’ bank accounts via the use of forged documents.

Recommended Videos

Zscaler, a cloud security company, said that targets were involved in various industries, such as fin-tech, lending, accounting, insurance, and Federal Credit Union organizations based in the U.S., U.K., New Zealand, and Australia.

At the moment, it seems the campaign has yet to be properly addressed by Microsoft, with new phishing domains being published nearly every day.

The campaign was originally detected in June 2022, with analysts observing a sudden rise in phishing attempts against the aforementioned industries, in addition to account holders of Microsoft email services.

Threat actors would incorporate links to the emails as buttons or HTML files that would redirect the target to a phishing page. Bleeping Computer points out how certain platforms don’t see open redirects as a vulnerability, which has led to these malicious redirects going through Google Ads, Snapchat, and DoubleClick.

Businesses and individuals are increasingly turning to multifactor authentication to secure their accounts. As such, obtaining a login email and password nowadays won’t provide anything of value to hackers.

Custom phishing kits and reverse proxies like Evilginx2, Muraena, and Modilshka have now come into play to bypass an MFA-enabled account.

A phishing proxy that essentially acts as a middle man between the victim and email provider service is capable of extracting the authentication cookies. Through this method, hackers can use the stolen cookies to log in and completely evade MFA for an account.

For this particular campaign, a custom proxy-based phishing kit was found utilizing the Beautiful Soup HTML and XML parsing tool, which amends actual login pages derived from corporate logins in order to incorporate phishing components.

Cyberattacks in general have nearly doubled since last year, while Microsoft itself started an initiative to tackle the rapid rise of cybercrime with its Security Experts program.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Hackers are sending malware through seemingly innocent Microsoft Teams messages
Microsoft Teams

Hackers are getting so sophisticated with malware that they are making links look like a notice about company vacation time.

A new phishing scam called "DarkGate Loader" has been uncovered that targets Microsoft Teams. It can be identified with a message and a link that reads "changes to the vacation schedule." Clicking this link and accessing the corresponding .ZIP files can leave you vulnerable to the malware that is attached.

Read more
Lapsus$ hackers convicted of breaching GTA 6, Nvidia, and more
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

The Lapsus$ hacking gang caused havoc in 2021 and 2022 with a series of high-profile security breaches and ransom demands. Yet things have been very quiet since then, and two alleged members of the group have just been convicted in the U.K., potentially bringing an end to one of the most notable hacking sprees in recent times.

According to Bloomberg and the BBC, two people accused of being members of the gang were convicted in the U.K. of a number of crimes, including serious computer misuse, blackmail, and fraud. The defendants included Arion Kurtaj, 18, and a 17-year-old male who could not be named due to his age. Both defendants are autistic and psychiatrists deemed that Kurtaj was not fit to stand trial, so he did not give evidence. They will both be sentenced at a later date.

Read more
This PowerPoint ploy could help hackers empty your bank account
A hacker typing on an Apple MacBook laptop, which shows code on its screen.

 

With various cybersecurity threats on a constant rise, it certainly feels like dangerous malware is around every corner. This time, it found its way into PowerPoint presentations disguised as helpful guides on how to protect yourself against phishing. The irony of it all is strong, but the worst part is that this malware could help attackers empty your bank account.

Read more