Outlook: beware of this massive phishing campaign that can bypass double authentication

If you use Outlook or Exchange to receive your emails, we advise you to pay close attention to the emails you receive at the moment. Indeed, a massive phishing campaign targeting users of Microsoft email clients in particular is being deployed. If professionals are the first targets, individuals are not immune.

Bad times for Outlook users. The cybersecurity firm Zscaler has just unveiled a large-scale phishing campaign targeting the accounts of Microsoft’s email client. If the latter are now unfortunately common, this campaign is particularly dangerous. Indeed, it cancels the effect of double authentication, which is very effective in this type of situation.

To do this, hackers use a man-in-the-middle attack. As a reminder, this method consists of positioning yourself between the user’s client and the server of the managing company, here Microsoft, to intercept all the data that passes between the two. Among this data, we therefore find the data sent for double authentication, which hackers can recover to connect to their victim’s account.

On the same subject: Microsoft Outlook crashes when you open an email containing a table

Outlook and Exchange users, pay close attention to the emails you receive

In its report, Zscaler specifies that this campaign primarily targets businesses and professionals. In addition, Outlook users are not targeted since malicious emails are also sent to Exchange, Microsoft’s messaging service for the working world. However, this does not mean that individuals are off the hook.

Indeed, as the organization explains, this attack, like any phishing campaign, sends a link to its victims which then allows them to recover their personal data. Problem: Zscaler claims that several executives of many companies fell for it, giving control of their account to hackers, who were quick to spread their malicious mail on a larger scale.

In other words, pay close attention to the next emails you receive if you use one of Microsoft’s clients. Especially since this is not the first time that these serve as gateways for pirates. In 2019, the Redmond firm admitted that its users’ emails had been spied on for several months.

Source: Zscaler

Source link -101