CyberRescue
Scammers try to bypass Office 365 multi-factor authentication

19.05.2020
Karolina Wrońska

Scammers are using phishing to get users to grant permissions to fake applications, which lets them bypass multi-factor authentication on Office 365 accounts.


The attack begins with an e-mail invitation containing a link that directs the user to the Microsoft SharePoint platform, where a file implying a salary bonus has been uploaded.

If you follow the link, you will land on a real Microsoft Office 365 login page, but there is a slight change to the URL: something that shouldn't be there.

By entering their login and password and pressing the login button, the user permits the ID token and authorization code to be sent to a fake Office 365 domain/app.

This way the fake app gains access to the victim's account and can read and modify all its contents and access its contacts.

The attacker therefore doesn't need to know the login credentials; they only need the victim to log in to the real Microsoft Office 365 through the URL that was sent. This allows the real ID token and authorization code to be passed to the fake website.

Even though the access token expires after some time, the app has permission to refresh tokens, which means it can have access indefinitely.
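
A defender-side check for the kind of link described above, added here as an example and not taken from the original article or from Microsoft. It assumes the "slight change to the URL" is the standard OAuth 2.0 redirect_uri parameter pointing at an unknown host and that the requested permissions appear in the scope parameter; the allow-lists, the review_signin_link function and the sample link are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example: the genuine sign-in host and the redirect
# hosts your organisation has approved (portal.example.org is hypothetical).
MICROSOFT_LOGIN_HOSTS = {"login.microsoftonline.com"}
APPROVED_REDIRECT_HOSTS = {"portal.example.org"}
# Scopes that let an app keep access or read/modify mailbox data and contacts.
RISKY_SCOPES = {"offline_access", "mail.read", "mail.readwrite",
                "contacts.read", "contacts.readwrite"}


def review_signin_link(url):
    """Return (code, detail) findings for an OAuth 2.0 / OpenID Connect sign-in link."""
    parts = urlsplit(url)
    # Keep the first value of each query parameter, with lower-cased names.
    query = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
    findings = []

    host = (parts.hostname or "").lower()
    if host not in MICROSOFT_LOGIN_HOSTS:
        findings.append(("login_host", host))

    # redirect_uri is where the ID token and authorization code are delivered
    # after a successful login, so it must point at an application you know.
    redirect_host = (urlsplit(query.get("redirect_uri", "")).hostname or "").lower()
    if "redirect_uri" in query and redirect_host not in APPROVED_REDIRECT_HOSTS:
        sent = sorted(set(query.get("response_type", "").lower().split()))
        findings.append(("redirect_host", f"{redirect_host} would receive {sent}"))

    # Scopes may be bare names or full resource URLs; compare the last segment.
    scopes = {s.rsplit("/", 1)[-1].lower() for s in query.get("scope", "").split()}
    risky = sorted(scopes & RISKY_SCOPES)
    if risky:
        findings.append(("risky_scopes", ", ".join(risky)))
    return findings


# Constructed sample modelled on the link described above, not a real indicator.
SAMPLE_LINK = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=id_token+code"
    "&redirect_uri=https%3A%2F%2Foffice-bonus.example.net%2Foffice"
    "&scope=openid+offline_access+contacts.read+mail.read"
)

if __name__ == "__main__":
    for code, detail in review_signin_link(SAMPLE_LINK):
        print(f"{code}: {detail}")
```

The sample link passes the host check because the login page is genuine; it is the redirect host and the offline_access scope that give it away.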

What should you do?

  • don't open obvious phishing attempts (like salary bonus files)
  • think before you grant an app all the permissions it asks for
  • always log in by typing the URL yourself, not through links sent to you
