
Phishing campaigns, combined with man-in-the-middle attacks, are so effective that their popularity among criminals is skyrocketing.
This comes from a new report from Cofense: its researchers found not only fake login pages built to steal credentials, but also threat actors luring victims to a web server that proxied the entire authentication process.
This means that if the victim falls for the trick, they hand the attacker not only their login information (username and password) but also a session cookie, which lets the attacker bypass multi-factor authentication (MFA).
Phishing Threat
According to the report, the number of such phishing emails reaching people's inboxes grew by more than a third (35%) from Q1 2022 to Q1 2023. Of all the man-in-the-middle credential phishing attacks that reach people's inboxes, nearly all (94%) target Office 365 authentication.
Finally, nine out of 10 (89%) campaigns used at least one type of URL redirection, while 55% used two or more.
Although these malicious login pages may look nearly identical to the real one, there are some elements an attacker cannot replicate. Employees should know these and keep them in mind before logging in anywhere, especially when the login link arrives in an email or social media message.
The easiest way to determine whether a landing page is malicious is to take a close look at the URL. Threat actors try to make URLs as close to the original as possible, so look for suspicious words, misspellings, or similar tricks. Another way to tell whether a landing page is after your sensitive data is to check the website certificate, since certificates are issued by certificate authorities. Users should look for the padlock icon in their web browser, which indicates that the certificate is valid and the connection between the browser and the site is secure. Keep in mind that the middleman server can present a valid certificate of its own, so the name on the certificate, not the padlock alone, is what to compare against the expected site.
“The common name in the certificate of the legitimate website is microsoftonline.com. The common name in the certificate from the middleman server has absolutely nothing to do with Microsoft,” the researchers concluded.
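The two manual checks described above, reading the link's host and comparing the certificate's name against the identity provider you expect, as an added example that is not part of the Cofense report. The expected-domain list, the brand tokens, and every hostname and certificate name below are constructed assumptions; a real deployment would take the certificate names from the TLS handshake.

```python
# Added example (not from the Cofense report): classify a login link by its
# host and by the names in the certificate that host presents. The policy
# values and all sample inputs are constructed assumptions.
from urllib.parse import urlsplit

# Domains a genuine Office 365 sign-in is expected to use (policy setting;
# microsoftonline.com is the name cited in the report).
EXPECTED_IDP_DOMAINS = ("microsoftonline.com",)
# Strings a lookalike host tends to borrow from the real brand (assumed list).
BRAND_TOKENS = ("microsoftonline", "microsoft", "office365")


def is_within_domain(host: str, domain: str) -> bool:
    """True only if host is the domain or a real subdomain of it (no substring tricks)."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def cert_name_matches(cert_names, host: str) -> bool:
    """RFC 6125-style matching: exact name, or a '*.' wildcard covering one label."""
    host = host.lower().rstrip(".")
    for name in cert_names:
        name = name.lower()
        if name.startswith("*."):
            suffix = name[1:]  # ".example.test"
            # The wildcard may stand in for a single label only.
            if host.endswith(suffix) and "." not in host[: -len(suffix)]:
                return True
        elif name == host:
            return True
    return False


def assess_login_link(url: str, cert_names) -> dict:
    """cert_names: the CN plus subjectAltName DNS entries served by the host."""
    host = (urlsplit(url).hostname or "").lower()
    on_expected_idp = any(is_within_domain(host, d) for d in EXPECTED_IDP_DOMAINS)
    cert_ok = cert_name_matches(cert_names, host)
    borrows_brand = any(tok in host for tok in BRAND_TOKENS)
    if on_expected_idp and cert_ok:
        verdict = "expected-idp"
    elif on_expected_idp:
        verdict = "cert-mismatch"   # the browser would warn; no padlock
    elif borrows_brand:
        verdict = "lookalike-host"  # padlock may be valid, but the name is not the IdP's
    else:
        verdict = "unexpected-host"
    return {"host": host, "cert_ok": cert_ok, "verdict": verdict}
```

The "lookalike-host" case is the middleman server from the report: its certificate is valid for its own name, which is why the name must be compared rather than trusting the padlock.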