Double-check that job posting — hackers are spreading malwar…

A new phishing scam has emerged that shows how sophisticated bad actors are becoming in tricking unsuspecting victims into giving up their personal information.

The latest cyber attack focuses on the job listing website Indeed. Hackers send an email from the website pretending to have an employment opportunity. Once you click on the link, it sends you to what looks like the Microsoft 365 login page to enter your credentials. At this point you don't suspect any foul play, but the next time you try to log in to your Microsoft 365 account, you'll find not only that you are getting an error message saying the information is incorrect, but also that your account is no longer available.

According to Bleeping Computer, researchers at Menlo Security have observed this phishing scam being targeted at U.S. executives in industries including electronic manufacturing, banking and finance, real estate, insurance, and wealth management.

The cyber attack is so sophisticated that it is able to bypass multifactor authentication on Microsoft 365 accounts through a method called cookie theft. With this tactic, bad actors swipe cookies from well-known websites and copy those sites' designs. By hijacking recent web sessions that are not typically refreshed, they can make their imitation pages look like pages from the normal websites. Cookie theft was also developed as a bypass for multifactor authentication: if you have that security feature set up on your account, you'll probably enter it yourself, assuming the website is trustworthy.

Researchers began noticing cookie theft attacks in 2022 targeting several major brands, including Google Chrome, Amazon Web Services (AWS), Azure, Slack, and Electronic Arts.

In this case, the hackers used a platform called EvilProxy to carry out their cookie theft and create a page that looked like an authentic Microsoft login page. Multifactor authentication is common for Microsoft 365, so users will have some form of it set up.

Adding the Indeed email makes this phishing scam especially complex because opening the link triggers an open redirect, a weakness that can allow the bad actor to direct you to their nefarious website after you click on a legitimate link.
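A mail filter or analyst can check for the open-redirect pattern described above before a link is clicked. The following Python heuristic is an added example, not code from the article or from Menlo Security: it flags links whose query string carries a URL on a different host, including double-encoded and scheme-relative targets. The hostnames and parameter names are constructed placeholders.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

def _host(url):
    """Hostname of an absolute http(s) or scheme-relative URL, else None."""
    if url.startswith("//"):          # browsers treat //host/path as absolute
        url = "https:" + url
    try:
        parts = urlsplit(url)
    except ValueError:                # e.g. malformed bracketed host
        return None
    if parts.scheme.lower() in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def _same_site(host, origin):
    """Heuristic: host is the link's own host or a subdomain of it."""
    return host == origin or host.endswith("." + origin)

def embedded_redirects(link, max_decode=3):
    """Hosts carried in query values of `link` that differ from its own site."""
    origin = _host(link)
    if origin is None:
        return []
    found = []
    for _name, value in parse_qsl(urlsplit(link).query, keep_blank_values=True):
        # parse_qsl decodes once; keep decoding to catch double-encoded targets.
        for _ in range(max_decode):
            target = _host(value.strip())
            if target and not _same_site(target, origin) and target not in found:
                found.append(target)
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return found

# Constructed sample links; jobs.example and login.phish.test are placeholders.
SAMPLES = [
    "https://jobs.example/r?jk=123&target=https%3A%2F%2Flogin.phish.test%2Fo365",
    "https://jobs.example/view?jk=123&from=https%3A%2F%2Fwww.jobs.example%2Fsearch",
    "https://jobs.example/r?u=https%253A%252F%252Flogin.phish.test%252F",
    "https://jobs.example/r?next=//login.phish.test/path",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(embedded_redirects(link) or "no cross-site target", "<-", link)
```

A hit means the link needs a closer look rather than proving it is malicious, since legitimate sites also pass external URLs in parameters.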

This is not the only phishing scam to plague Microsoft services in recent times. For example, last month, a team of hackers was able to infiltrate Microsoft Teams to carry out a phishing scam called “DarkGate Loader.” The scheme centers on a fake Teams message about a “change in holiday schedule,” but what it delivers, once downloaded, contains complex hidden malware. Cybersecurity researchers revealed that hackers were able to access Teams through compromised Office 365 accounts and even found vulnerable email addresses that they were able to take over.

Ongoing spam and cybercrime have led email providers including Gmail and Yahoo to set requirements for bulk senders as security measures. These requirements include email authentication, the ability to easily unsubscribe, and email assurance, and will be implemented starting February 1, 2024. Google said many of the requirements largely amount to basic email hygiene, but are being set in order to build on that baseline. This is an industry standard.










