Phishing campaigns, in combination with man-in-the-middle attacks, are extremely potent, and as such their popularity among criminals is surging. 

This is according to a new report from Cofense, which found instead of just one fake login page where they’d steal the credentials, the threat actors are luring victims to web servers capable of brokering the entire authentication process.

That means, should the victim fall for the deception, they’d give the attackers more than just their login information (username and passwords) – they’d also give them session cookies and thus allow them to bypass multi-factor authentication (MFA).

Phishing threat

With that in mind, the number of phishing emails reaching people’s inboxes grew by more than a third (35%) between Q1 2022 and Q1 2023. Of all the man-in-the-middle credential phishing attacks that reached people’s inboxes, almost all (94%) targeted Office 365 authentication.

Finally, nine in ten (89%) of campaigns used at least one URL redirect, while 55% used two, or more.

While these malicious landing pages might look almost identical to the authentic ones, there are some things the attackers simply can’t copy. Employees should be aware of these things, and always keep them in mind before logging in anywhere – especially if the login link came from an email or a social media message.

The easiest way to determine if the landing page is malicious is to take a closer look at the URL. The threat actors will try and get the URL to be as close to the original as possible, so look for any suspicious words, typos, or similar. Another way to determine if a landing page is after your sensitive data is to inspect the website certificate, as these are authorized by a certificate authority. Users should look for the padlock icon in the web browser, as that indicates the validity of the certificate and the security of the connection between the browser and the destination. 

“The common name in the certificate of the legitimate website is microsoftonline.com. The common name in the certificate from the man-in-the-middle server has nothing to do with Microsoft at all,” the researchers concluded.

Go to Source

Follow us on FacebookTwitter and InstagramWe are growing. Join our 6,000+ followers and us.

At TechRookies.com will strive to help turn Tech Rookies into Pros!

Want more articles click Here!

Deals on Homepage!

M1 Finance is a highly recommended brokerage start investing today here!

WeBull. LIMITED TIME OFFER: Get 3 free stocks valued up to $6300 by opening & funding a #Webull brokerage account! “>Get started >Thanks for visiting!

Subscribe to our newsletters. Here! On the homepage

Tech Rookies Music Here!

Disclaimer: I get commissions for purchases made through links in this post at no charge to you and thanks for supporting Tech Rookies.

Disclosure: Links contain affiliates. When you buy through one of our links we will receive a commission. This is at no cost to you. Thank you for supporting Teachrookies.com

Disclaimer: This article is for information purposes and should not be considered professional investment advice. It contains some forward-looking statements that should not be taken as indicators of future performance. Every investor has a different risk profile and goals. All investments have risks. Always do your own research or hire an expert before investing and trading.