Tricky Phish Angles for Persistence, Not Passwords
Late last year saw the re-emergence of a nasty phishing tactic that allows the attacker to gain full access to a user’s data stored in the cloud without actually stealing the account password. The phishing lure starts with a link that leads to the real login page for a cloud email and/or file storage service. Anyone who takes the bait will inadvertently forward a digital token to the attackers that gives them indefinite access to the victim’s email, files, and contacts — even after the victim has changed their password.
Before delving into the details, it’s important to note two things. First, while the most recent versions of this stealthy phish targeted corporate users of Microsoft’s Office 365 service, the same approach could be leveraged to ensnare users of many other cloud providers. Second, this attack is not exactly new: In 2017, for instance, phishers used a similar technique to plunder accounts at Google’s Gmail service.
News Source: Tricky Phish Angles for Persistence, Not Passwords