Phishing: a new campaign bypasses Microsoft's two-factor authentication


Noellie Mautaint

August 08, 2022 at 08:30 am


Users of Outlook and Exchange, pay close attention to the emails you receive. A massive phishing campaign is currently targeting Microsoft's email clients.

The hackers have managed to bypass two-factor authentication, and no one is safe. Although professionals are particularly targeted, individuals are also at risk.

Outlook and Exchange victims of a large-scale attack

A new phishing campaign is rampant on Outlook. Cybersecurity company Zscaler has disclosed a particularly dangerous new attack. It manages to defeat Microsoft's two-factor authentication, which is usually effective. In its report, the firm specifies that this campaign mainly targets professionals and businesses. Exchange, Microsoft's email service for the workplace, is particularly targeted by the malicious emails. However, the researchers believe that individuals are not off the hook.

To achieve their ends, the hackers resort to a man-in-the-middle attack, which consists of placing themselves between the email client and the company's server. The objective: to siphon off the data passing between the two, including the two-factor authentication data. They then only have to log in to their victim's account to retrieve the victim's personal data.

Like most attacks of its kind, this phishing campaign sends emails to victims from misleading domain names that contain a misspelling or a deceptive variation of a legitimate name. Unfortunately, several business executives have already fallen for it, which has allowed the hackers to accelerate the distribution of malicious emails. We therefore strongly recommend that you remain particularly vigilant about the messages you receive if you use Outlook or Exchange.
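The misspelled and deceptive sender domains described above can be flagged automatically at the mail gateway. The sketch below is an added example, not taken from the article or from Zscaler's report; the trusted domains and sample senders are constructed, and treating the last two labels as the registered domain is a simplifying assumption (no public suffix list).

```python
from email.utils import parseaddr

# Assumption: the domains your organisation really sends mail from (constructed).
TRUSTED = {"contoso.com", "outlook.com"}
# Digits commonly substituted for letters in lookalike domains.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(name):
    return name.lower().rstrip(".").translate(DIGIT_SWAPS)

def osa_distance(a, b):
    """Edit distance in which swapping two adjacent letters costs 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(domain):
    """Return (verdict, imitated trusted domain or None)."""
    d = domain.lower().rstrip(".")
    if any(d == t or d.endswith("." + t) for t in TRUSTED):
        return ("trusted", None)
    base = ".".join(d.split(".")[-2:])  # crude registered-domain guess
    for t in sorted(TRUSTED):
        if osa_distance(normalise(base), normalise(t)) <= 1:
            return ("lookalike", t)      # misspelling or digit swap
        if normalise(t.split(".")[0]) in normalise(d):
            return ("lookalike", t)      # brand name embedded in another domain
    return ("unknown", None)

def check_sender(from_header):
    address = parseaddr(from_header)[1]
    return classify(address.rpartition("@")[2])

if __name__ == "__main__":
    for header in ['"IT Support" <helpdesk@c0ntoso.com>',           # constructed samples
                   "Payroll <pay@contsoo.com>",
                   "Mail <no-reply@outlook.com.login.example>",
                   "Alice <alice@mail.contoso.com>"]:
        print(header, "->", check_sender(header))
```

A "lookalike" verdict is a reason to quarantine or banner the message, not proof of phishing; "unknown" only means the domain resembles none of the trusted ones.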

Source: Neowin


