sourcegraph
February 22, 2024

A new Microsoft 365 phishing attack is spreading, and it’s discussed in detail in a new report from email security service Vade. The organization’s Threat Intelligence and Response Center (TIRC) was able to gather information about the attack and discovered that it was carried out via an email that contained malicious HTML attachments and JavaScript code. Here’s what we know about the attack, and how to prevent it from hitting you.

Click to get KURT’s free CYBERGUY newsletter, filled with security alerts, quick tips, tech reviews and simple how-to’s to make you smarter

How does this phishing attack against Microsoft 365 work?

The attack process begins when someone receives the aforementioned email with a malicious HTML attachment and JavaScript code. If the person opens the attachment, it will open a phishing page that looks like the person has logged out of their Microsoft 365 account and will need to log in again to view the file. It is designed to mimic the Microsoft 365 sign-in interface with the logo. Here, users will be asked to enter their credentials, such as their email address, phone number or Skype, followed by their password so hackers can steal authentication information. Once phished, login credentials are sent directly to the threat actor.

We reached out to Microsoft for comment on the phishing attack targeting Microsoft 365, but did not hear back by the deadline for publishing this article.

Hackers use glitch.me to host malicious domains

Hackers have been using the website glitch.me to host these phishing pages, which include a malicious domain called eevilcorponline. Glitch.me is often used unintentionally by people to create things like websites and other online projects.

A Disturbing Malware Threat Spreading on Facebook and Twitter

Same team also uncovers Adobe phishing attack

While researching Microsoft 365 phishing attacks, Vade’s team also discovered a phishing attack impersonating a legitimate version of Adobe. For those of you who don’t know, Adobe is a well-known software company that specializes in multimedia and creative tools, known for products like Photoshop, Illustrator, and Acrobat.

LAS VEGAS, NEVADA – JANUARY 6: Microsoft Corporation booth signage is displayed at CES 2023 at the Las Vegas Convention Center on January 6, 2023 in Las Vegas, Nevada. CES, the world’s largest annual consumer technology trade show, takes place on January 8, with approximately 3,200 exhibitors showcasing their latest products and services to more than 100,000 attendees. ((Photo by David Becker/Getty Images))

Vade discovers an email purporting to be from Adobe. The email attempts to trick people into giving out their personal information. Ward checked the emails and found some codes that could help them better understand the scam.They discovered a site called “ultitempore”[.]online” trying to trick people. They also found another site.

What can I do to protect myself?

Protecting yourself against both of the aforementioned phishing attacks can be daunting; however, there are some key signs you can spot on your own and services that can help you. Here are some of my suggestions.

New Malware for MacOS Can Steal Sensitive Information From Your Devices

Do not open any suspicious attachments

If you suddenly receive an email urging you to open an attachment or click a random link, don’t be fooled. Hackers will often try to use a sense of urgency in their emails to make you feel like you have to do what they say, so use your judgment and if something feels suspicious, don’t believe it.

Be wary of emails asking you to enter your login information

Be careful if you receive an email asking you to enter your login information. It’s best to go directly to the website in question and log in instead of clicking a link in an email.

use antivirus software

If you have good antivirus software installed, you can keep hackers out of your device. Having antivirus software on your device will ensure that you cannot click on any potentially malicious links that could install malware on your device, allowing hackers to gain access to your personal information.

See my expert reviews on the best antivirus protection for you Windows, Mac, Android and iOS devices go to Cyberguy.com/LockUpYourTech

Microsoft's pirated version

Counterfeit version of Microsoft 365 (Ward)

A New Malicious Malware Targets iPhones Specifically

double check email address

Some hackers will try to impersonate representatives of major companies like Microsoft and Adobe to trick you into thinking they are legitimate. Before clicking anything or opening any attachments, check the sender’s email address and find out for yourself. Those big companies will have official email addresses, so if that doesn’t match, you know you’re dealing with a fake company.

Kurt’s key takeaways

Phishing attacks are something we talk about a lot and remain a serious threat and way for cybercriminals to spread malware. Unfortunately, they won’t be stopping anytime soon. However, that doesn’t mean you have to fall victim to them. By following the tips above, you can protect yourself. So stay vigilant and watch out for these deceptive schemes to stay one step ahead of these scammers.

Do you think the security issue is growing or under control? Why do you think it is often the smaller cybersecurity firms that end up discovering these issues?please write to us Cyberguy.com/Contact.

Adobe's fraudulent version

Counterfeit version of Adobe (Ward)

Click here for the Fox News app

For more of my security alerts, subscribe to my free CyberGuy Reports newsletter by going to Cyberguy.com/Newsletter.

Copyright 2023 CyberGuy.com. all rights reserved.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *