Hackers have found a way to log into your Microsoft email account

Account holders for Microsoft email services are being targeted in a phishing campaign, according to security researchers from Zscaler’s ThreatLabz group.

The objective behind the threat actors’ efforts is believed to be the breaching of corporate accounts in order to perform business email compromise (BEC) attacks.

As reported by Bleeping Computer, BEC-based activity would see payments being redirected toward hackers’ bank accounts via the use of forged documents.

Zscaler, a cloud security company, said that targets were involved in various industries, such as fin-tech, lending, accounting, insurance, and Federal Credit Union organizations based in the U.S., U.K., New Zealand, and Australia.

At the moment, it seems the campaign has yet to be properly addressed by Microsoft, with new phishing domains being published nearly every day.

The campaign was originally detected in June 2022, with analysts observing a sudden rise in phishing attempts against the aforementioned industries, in addition to account holders of Microsoft email services.

Threat actors would embed links in the emails as buttons or HTML files that would redirect the target to a phishing page. Bleeping Computer points out that certain platforms don’t treat open redirects as a vulnerability, which has led to these malicious redirects going through Google Ads, Snapchat, and DoubleClick.

Businesses and individuals are increasingly turning to multifactor authentication (MFA) to secure their accounts. As such, obtaining a login email and password alone no longer gives hackers much of value.

Custom phishing kits and reverse proxies like Evilginx2, Muraena, and Modlishka have now come into play to bypass MFA on protected accounts.

A phishing proxy that essentially acts as a middle man between the victim and the email provider is capable of extracting the authentication cookies. Through this method, hackers can use the stolen cookies to log in and completely evade MFA for an account.
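On the defensive side, a stolen cookie shows up as one session token being presented by more than one client. The sketch below is an added example, not part of the original article or of Zscaler's research: it flags that pattern in sign-in records, and the JSON-lines schema (`ts`, `user`, `session`, `ip`, `ua`), the sample records and the function names are all assumptions made for illustration.

```python
import json
from collections import namedtuple

# Constructed sample records (hypothetical schema, not taken from any real product's logs).
SAMPLE_LOG = """\
{"ts": "2022-08-01T09:00:05Z", "user": "alice@example.com", "session": "s-1001", "ip": "198.51.100.10", "ua": "Edge/103 Windows"}
{"ts": "2022-08-01T09:04:40Z", "user": "alice@example.com", "session": "s-1001", "ip": "198.51.100.10", "ua": "Edge/103 Windows"}
{"ts": "2022-08-01T09:06:12Z", "user": "alice@example.com", "session": "s-1001", "ip": "203.0.113.77", "ua": "Firefox/102 Linux"}
{"ts": "2022-08-01T10:15:00Z", "user": "bob@example.com", "session": "s-2002", "ip": "198.51.100.23", "ua": "Chrome/103 macOS"}
{"ts": "2022-08-01T10:45:30Z", "user": "bob@example.com", "session": "s-2002", "ip": "198.51.100.99", "ua": "Chrome/103 macOS"}
"""

Finding = namedtuple("Finding", "session user ts confidence first_seen now")

def parse_events(text):
    """Parse JSON-lines text into dicts, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events

def find_replayed_sessions(events):
    """Flag a session token presented by a client other than the first one seen using it."""
    first = {}      # session id -> (ip, ua) of the first request in that session
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        now = (ev["ip"], ev["ua"])
        origin = first.setdefault(ev["session"], now)
        if now == origin:
            continue
        ip_changed, ua_changed = now[0] != origin[0], now[1] != origin[1]
        # A new IP with the same browser is common (VPN, mobile roaming): low confidence.
        # A new IP and a new browser for the same token suggests a copied cookie.
        confidence = "high" if ip_changed and ua_changed else "low"
        findings.append(Finding(ev["session"], ev["user"], ev["ts"], confidence, origin, now))
    return findings

if __name__ == "__main__":
    for f in find_replayed_sessions(parse_events(SAMPLE_LOG)):
        print(f"{f.confidence:4} {f.ts} {f.user} {f.session} {f.first_seen} -> {f.now}")
```

This is a heuristic: a proxy that forwards the victim's user agent and an attacker who reuses it will only produce the low-confidence IP-change signal, so it is best combined with other sign-in risk indicators.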

For this particular campaign, a custom proxy-based phishing kit was found using the Beautiful Soup HTML and XML parsing tool to modify actual login pages taken from corporate logins so that they incorporate phishing components.

Cyberattacks in general have nearly doubled since last year, while Microsoft itself started an initiative to tackle the rapid rise of cybercrime with its Security Experts program.

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…