Tech

advice to business leaders, beware of phishing!

Deepak GuptaAugust 10, 2023
0

Proofpoint’s computer security researchers have just discovered the existence of a vast phishing campaign organized on Microsoft 365. Hackers primarily target executives, business leaders or employees in charge of sensitive information or Financial assets.

microsoft 365 phishing
Credit: 123RF

While Microsoft Teams is regularly hijacked by Russian hackers to infiltrate governments and government agencies, Microsoft 365 is also often targeted by hackers.

Indeed, the subscription that provides access to all of Microsoft’s office software is a marvel for hackers, who use it to launch large-scale phishing operations. In 2021, we alerted our readers to this phishing attack against Microsoft 365 users.

However, computer security researchers from Proofpoint have just discovered the existence of a new phishing campaign. The hackers’ main objective: to steal Microsoft 365 accounts. To do this, they rely on a phishing software provider called EvilProxy.

Beware of this new phishing campaign on Microsoft 365

This tool, billed at $400 a month, has been used by perpetrators of mischief to send no less than 12,000 malicious emails to more than a hundred organizations over the past two months. Through this phishing campaign, hackers attempted to steal login credentials as well as two-factor authentication codes. The method used is very simple: hackers pretend to be Microsoft services and include spoofed links in these malicious emails.

By clicking on it, victims are redirected to a fake form, specially designed to collect their login information. “In order to hide the user’s email address from automatic analysis tools, the attackers used a special encoding of the user’s email address and used legitimate websites to upload their PHP code to decode the email address of a particular user”, explains Proofpoint in its report.

According to Proofpoint experts, the attackers are believed to be from Turkey, as users with IP addresses located in the country are immediately redirected to the legitimate site, not the malicious copy crafted by the hackers. Furthermore, and as mentioned above, hackers mainly target people in high positions in their respective companies. Nearly 40% of victims were executives, 9% CEOs and deputy directors, and 17% CFOs.

Source : TechRadar

We have other articles that may interest you:
  1. What to watch this weekend on Netflix, HBO and other platforms
  2. Bitcoin: the French authorities go to war against influencers who promote cryptocurrency
  3. Lenovo Tab M10 Plus, a cheap Android tablet for the mid-range
  4. Why Mario is a plumber (although he stopped being one very little)
  5. Terrifier 2 causes vomiting and fainting in theaters, what the hell is it about?
  6. Microsoft Defender is automatically installed on PCs with Microsoft 365
Deepak GuptaAugust 10, 2023
0

Related Articles

The premieres of the week on Netflix, HBO Max and Amazon Prime Video

January 10, 2022

The official and free version of Audacity arrives at the Microsoft Store

April 29, 2022

Why Twitter has taken so long to leave Edit (and what dangers it has)

April 7, 2022

Italy fines Apple and Google

November 26, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *