Banner Image

All Services

Programming & Development Apps & Mobile

Microsoft Details Phishing Campaign Targ

$20/hr Starting at $25

The scam started in Sept. 2021 and attackers managed to

Microsoft has identified a large-scale phishing campaign that targeted over 10,000 organizations since Sept. 2021 in a bid to steal large sums of money.

As Ars Technica reports(Opens in a new window), the campaign uses an adversary-in-the-middle (AiTM) technique to insert a proxy site between the account of an employee and the work server they are trying to connect to. The attacker-controlled site is accessed via an HTML attachment in a phishing email.

When the user unknowingly enters their credentials into the proxy site, it relays them to the real work server, completes the user authentication for Outlook online, then grabs the session cookie to ensure the authentication remains active and they can access the employee's email account

 multifactor authentication.

About

$20/hr Ongoing

Download Resume

The scam started in Sept. 2021 and attackers managed to

Microsoft has identified a large-scale phishing campaign that targeted over 10,000 organizations since Sept. 2021 in a bid to steal large sums of money.

As Ars Technica reports(Opens in a new window), the campaign uses an adversary-in-the-middle (AiTM) technique to insert a proxy site between the account of an employee and the work server they are trying to connect to. The attacker-controlled site is accessed via an HTML attachment in a phishing email.

When the user unknowingly enters their credentials into the proxy site, it relays them to the real work server, completes the user authentication for Outlook online, then grabs the session cookie to ensure the authentication remains active and they can access the employee's email account

 multifactor authentication.

Skills & Expertise

App & Mobile ProgrammingInformation TechnologyMicrosoftMicrosoft AccessMicrosoft Outlook

0 Reviews

This Freelancer has not received any feedback.