Microsoft Details Phishing Campaign Targ (5157242)

Programming & Development Apps & Mobile

Microsoft Details Phishing Campaign Targ

$20/hr Starting at $25

The scam started in Sept. 2021 and attackers managed to

Microsoft has identified a large-scale phishing campaign that targeted over 10,000 organizations since Sept. 2021 in a bid to steal large sums of money.

As Ars Technica reports(Opens in a new window), the campaign uses an adversary-in-the-middle (AiTM) technique to insert a proxy site between the account of an employee and the work server they are trying to connect to. The attacker-controlled site is accessed via an HTML attachment in a phishing email.

When the user unknowingly enters their credentials into the proxy site, it relays them to the real work server, completes the user authentication for Outlook online, then grabs the session cookie to ensure the authentication remains active and they can access the employee's email account

multifactor authentication.

About

$20/hr Ongoing

Download Resume

The scam started in Sept. 2021 and attackers managed to

Microsoft has identified a large-scale phishing campaign that targeted over 10,000 organizations since Sept. 2021 in a bid to steal large sums of money.

As Ars Technica reports(Opens in a new window), the campaign uses an adversary-in-the-middle (AiTM) technique to insert a proxy site between the account of an employee and the work server they are trying to connect to. The attacker-controlled site is accessed via an HTML attachment in a phishing email.

When the user unknowingly enters their credentials into the proxy site, it relays them to the real work server, completes the user authentication for Outlook online, then grabs the session cookie to ensure the authentication remains active and they can access the employee's email account

multifactor authentication.

Skills & Expertise

App & Mobile ProgrammingInformation TechnologyMicrosoftMicrosoft AccessMicrosoft Outlook

omar abualrub