Microsoft Warns of a Complex New Scheme to Steal your Login Details
There is no end to the innovative and crafty ideas that criminals devise to steal your money and your privacy. In our continuing efforts to keep you safe, we’re sharing with you a TechRadar article outlining the new critical warning from Microsoft’s cybersecurity team. You’ll note that this new scheme is complex and even includes captchas and valid domain names that appear when links are casually scanned.
We cannot warn you strongly enough to be extremely careful when clicking links in email unless you’re positive you know who sent it. Think before you click. If something does not seem right – it probably isn’t. Be careful and be safe!
Microsoft warns of elaborate new cybercrime scheme to steal your login details
Attackers even throw a Captcha challenge to lend an air of legitimacy
Cybersecurity researchers at Microsoft have shared details of a comprehensive credential phishing campaign that uses open redirector links to lure users into clicking.
Legitimate sales and marketing campaigns often rely on open redirects to track click rates and lead customers to a particular landing page.
‘However, attackers could abuse open redirects to link to a URL in a trusted domain and embed the eventual final malicious URL as a parameter. Such abuse may prevent users and security solutions from quickly recognizing possible malicious intent,’ warn the researchers.
While the abuse of open redirects isn’t a novel approach, the attackers in the current campaign combine these links with social engineering tricks, impersonating popular tools and services to trick users into clicking the fake links.
Hook, line, and sinker
Unraveling the details of the campaign, the researchers say that the links lead to not one, but several redirects, and even throw a Captcha verification page, in a bid to fool users into thinking that the page is above-board.
Once the users answer the Captcha, the attackers take them to the fake sign-in page of a legitimate service.
The researchers suggest that phishing attacks make use of open redirects because a casual inspection of the URL from inside an email client will display a trustworthy domain name, encouraging users to click the link.
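Because the visible domain is the trusted one, a check has to look inside the link's parameters rather than at its host. The sketch below is an added example, not code from Microsoft or TechRadar: it lists query parameters that carry a URL on a different host than the link itself, and all sample links and function names are constructed for illustration.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample links (example.* hosts are placeholders, not indicators).
SAMPLE_LINKS = [
    "https://t.example.com/click?id=42&url=https%3A%2F%2Flogin.example.net%2Fsignin",
    "https://t.example.com/r?u=https%253A%252F%252Fportal.example.org%252F",
    "https://shop.example.com/go?next=https%3A%2F%2Fshop.example.com%2Fcart",
    "https://example.com/search?q=hello",
]


def _decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly, since the target may be encoded more than once."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def _host(candidate):
    """Hostname of an http(s) or scheme-relative URL, else None."""
    if candidate.startswith("//"):
        candidate = "https:" + candidate
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None


def embedded_redirect_targets(link):
    """Return (parameter, host) pairs where a query parameter carries a URL
    on a different host than the one the link visibly points at."""
    outer = urlsplit(link)
    outer_host = (outer.hostname or "").lower()
    findings = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        target = _host(_decode_fully(value).strip())
        if target and target != outer_host:
            findings.append((name, target))
    return findings


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", embedded_redirect_targets(link))
```

A hit is a reason to look closer, not a verdict: as the article notes, legitimate marketing links use redirects too, so the embedded host still has to be judged on its own reputation.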