Hackers are using this classic technique to hijack Microsoft 365 accounts


Open redirects, a traditional weak point present in many of the world's largest websites, are reportedly being used to steal login credentials for Microsoft 365 accounts.

According to experts from security firm Inky, the technique was used to send more than 6,800 phishing emails from Google Workspace, posing as Snapchat, in the last two and a half months. As for American Express, the team identified more than 2,000 phishing emails.

Identity theft is among the more popular cybercriminal activities, as the data can be successfully leveraged for other types of fraud.

AmEx moves fast, Snapchat lags

Open redirects allow threat actors to use other people's domains and websites as temporary landing pages before sending the victims to the phishing page. That way, when the attacker sends a phishing email, the link in the email's body may look legitimate, further encouraging people to click.

"Because the first domain name in the manipulated link is in fact the original site's, the link may appear safe to the casual observer," Inky says. "The trusted domain (e.g., American Express, Snapchat) acts as a temporary landing page before the surfer is redirected to a malicious site."

After learning about the flaw, American Express took only a few days to patch things up, while Snapchat, although notified by the researchers more than a year ago, is yet to fix the issue.

"In both the Snapchat and the American Express exploits, the black hats inserted personally identifiable information (PII) into the URL so that the malicious landing pages could be customized on the fly for the individual victims," Inky added. "And in both, this insertion was disguised by converting it to Base 64 to make it look like a bunch of random characters."

While the links may look legitimate, there is a way to spot the fraud, Inky explains. When a user receives such an email, they should inspect the link for strings such as "url=," "redirect=," "external-link," or "proxy," or for multiple occurrences of "HTTP", as these will likely show that it is a redirect.
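The checks Inky describes (redirect-style parameter names, a second "http" inside the link, and Base64 blobs that hide a URL or PII) can be automated for mail filtering or user training. The following is an added example, not code from Inky or from the article; the sample links are constructed for illustration and the parameter names beyond the four the article lists are an assumption.

```python
import base64
import binascii
import re
from typing import List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameter names typical of redirect endpoints. The first four are the strings
# the article lists; the remaining ones are common additions (assumption).
REDIRECT_PARAM_NAMES = {"url", "redirect", "external-link", "proxy",
                        "redirect_uri", "next", "return", "goto", "dest"}

# Loose shape of a Base64 / URL-safe Base64 blob of useful length.
BASE64_RE = re.compile(r"^[A-Za-z0-9+/_-]{16,}={0,2}$")


def _try_base64(value: str) -> Optional[str]:
    """Decode a Base64-looking value and return it only if it is printable text."""
    if not BASE64_RE.match(value):
        return None
    padded = value + "=" * (-len(value) % 4)  # restore stripped padding
    for decoder in (base64.urlsafe_b64decode, base64.b64decode):
        try:
            text = decoder(padded).decode("utf-8")
        except (binascii.Error, ValueError, UnicodeDecodeError):
            continue
        if text.isprintable():
            return text
    return None


def redirect_indicators(url: str) -> List[str]:
    """Return the reasons a link looks like open-redirect abuse (empty if none)."""
    reasons = []
    decoded = unquote(url)  # percent-encoding must not hide the inner URL
    parts = urlsplit(decoded)

    # Indicator 1: a URL inside a URL, i.e. "http" appears more than once.
    if len(re.findall(r"https?:", decoded, re.IGNORECASE)) > 1:
        reasons.append("multiple http(s): occurrences")

    # Indicator 2: redirect-style parameter names, plus Base64 values that
    # decode to a URL or an e-mail address (the PII trick the article describes).
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in REDIRECT_PARAM_NAMES:
            reasons.append(f"redirect-style parameter '{key}'")
        plain = _try_base64(value)
        if plain and ("http" in plain.lower() or "@" in plain):
            reasons.append(f"Base64 value of '{key}' decodes to '{plain}'")

    # Indicator 3: the same names used as a path segment (e.g. /external-link/).
    if any(seg in REDIRECT_PARAM_NAMES for seg in parts.path.lower().split("/")):
        reasons.append("redirect-style path segment")
    return reasons


# Constructed sample links (not real campaign URLs).
SAMPLE_PLAIN = "https://trusted.example/click?url=https://evil.example/login"
SAMPLE_B64 = "https://trusted.example/r?redirect=" + base64.urlsafe_b64encode(
    b"https://evil.example/login?email=victim@example.test").decode()
SAMPLE_BENIGN = "https://trusted.example/help/article?id=12345"

if __name__ == "__main__":
    for link in (SAMPLE_PLAIN, SAMPLE_B64, SAMPLE_BENIGN):
        print(link, "->", redirect_indicators(link) or "no indicators")
```

The function is a triage aid, not a verdict: a legitimate tracking link can carry a `url=` parameter, so a hit should route the message for closer inspection (or a warning banner) rather than an automatic block, while an empty result only means none of these specific patterns was present.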

Website owners should also set up redirection disclaimers, forcing users to click before being redirected to external sites.
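On the site-owner side, the redirect endpoint itself is the place to fix this: only forward silently to hosts the site owns, refuse anything that is not an http(s) URL, and show an interstitial for everything else. The code below is an added, framework-neutral illustration of that policy, not code from the article or from any of the companies it names; the allowed host list and the response-tuple shape are assumptions.

```python
from typing import Dict, Tuple
from urllib.parse import urlsplit

# Hypothetical: hosts this site may redirect to without a confirmation page.
ALLOWED_HOSTS = {"trusted.example", "help.trusted.example"}


def classify_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> str:
    """Decide how a redirect target should be handled.

    Returns one of "internal", "allow", "interstitial" or "reject".
    """
    parts = urlsplit(target)

    # A site-relative path like "/account": fine. "//evil.example" also has an
    # empty scheme but carries a netloc, so it does not qualify here.
    if not parts.scheme and not parts.netloc and target.startswith("/") \
            and not target.startswith("//"):
        return "internal"

    # Anything that is not a plain web URL (scheme-relative, javascript:, data:)
    # is refused outright rather than shown to the user.
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "reject"

    # Exact host match only: urlsplit().hostname already strips userinfo, so
    # "https://trusted.example@evil.example/" resolves to evil.example here.
    if parts.hostname.lower() in allowed_hosts:
        return "allow"
    return "interstitial"


def redirect_response(target: str, confirmed: bool = False) -> Tuple[int, Dict[str, str], str]:
    """Build a (status, headers, body) tuple for GET /redirect?to=<target>.

    `confirmed` is True when the user clicked through the disclaimer page.
    """
    decision = classify_redirect(target)
    if decision == "reject":
        return 400, {}, "Invalid redirect target."
    if decision in ("internal", "allow") or confirmed:
        return 302, {"Location": target}, ""
    host = urlsplit(target).hostname
    body = (f"You are leaving this site for {host}. "
            "This link was not checked by us; continue only if you expected it.")
    return 200, {"Content-Type": "text/plain"}, body


if __name__ == "__main__":
    for t in ("/account", "https://help.trusted.example/faq",
              "https://evil.example/login", "//evil.example/x"):
        print(t, "->", classify_redirect(t), redirect_response(t)[0])
```

The interstitial only helps if the confirmation itself cannot be forged: the `confirmed` flag should come from a POST on the disclaimer page (ideally CSRF-protected), never from a query parameter an attacker can pre-set in the phishing link.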

Via: BleepingComputer
