New Phishing attack on Windows
A phishing attack It basically consists of taking the victim to a link or to install a program that is actually a scam. They can ask us to click on something to solve an error, for example, but when it comes to putting the data they will end up on a server controlled by the attacker.
What this new Phishing attack method does is bypass two-factor authentication. When we log in to a platform, such as a social network or any online service, on many occasions we have to enter a code that we receive by SMS, e-mail or an application, in addition to the password. This usually happens the first time we log in from a computer, since from then on it will store the cookies with the credentials and it will understand that we are the legitimate user and will not ask for it again on that computer, or at least not for a while.
How to avoid these attacks
A key point is that in order to execute this type of attack, it is necessary to install a fake program. That is what is going to allow this functionality of Microsoft Edge to be exploited and that the attacker can steal the cookies and thus be able to access the passwords and all kinds of information of the victim.
Therefore, the most important thing is common sense. Never install an application without really knowing what it is about, without knowing if the source is trustworthy. It is essential to go to official sites or legitimate app stores. This way you will avoid installing software that could have been maliciously modified.
It is also essential to have All updated. It is common for vulnerabilities to arise in browsers, operating system or any other installed program. The developers themselves release patches and updates to correct these bugs. Therefore, if you always keep everything updated you can avoid many problems.
Likewise, having a security program is essential. Having a good antivirus can alert you if you mistakenly download a threat or install a program that could actually be malware. Windows Defender, for example, is a good option. Of course, it is important to avoid false positives in Windows antivirus. Sometimes you can detect a threat that is not really a threat.