These dangerous phishing attacks are more common than ever - here’s what you need to know

Phishing combined with man-in-the-middle attacks is getting more and more popular

Phishing campaigns, in combination with man-in-the-middle attacks, are extremely potent, and as such their popularity among criminals is surging.

This is according to a new report from Cofense, which found that instead of using a single fake login page to steal credentials, threat actors are luring victims to web servers capable of brokering the entire authentication process.

That means, should the victim fall for the deception, they’d give the attackers more than just their login information (username and passwords) - they’d also give them session cookies and thus allow them to bypass multi-factor authentication (MFA).

Phishing threat

With that in mind, the number of phishing emails reaching people’s inboxes grew by more than a third (35%) between Q1 2022 and Q1 2023. Of all the man-in-the-middle credential phishing attacks that reached people’s inboxes, almost all (94%) targeted Office 365 authentication.

Finally, nine in ten (89%) campaigns used at least one URL redirect, while 55% used two or more.

While these malicious landing pages might look almost identical to the authentic ones, there are some things the attackers simply can’t copy. Employees should be aware of these things, and always keep them in mind before logging in anywhere - especially if the login link came from an email or a social media message.

The easiest way to determine if the landing page is malicious is to take a closer look at the URL. The threat actors will try to get the URL as close to the original as possible, so look for any suspicious words, typos, or similar. Another way to determine if a landing page is after your sensitive data is to inspect the website certificate, as these are issued by a certificate authority. Users should look for the padlock icon in the web browser, as that indicates the validity of the certificate and the security of the connection between the browser and the destination.

“The common name in the certificate of the legitimate website is microsoftonline.com. The common name in the certificate from the man-in-the-middle server has nothing to do with Microsoft at all,” the researchers concluded.
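The URL and certificate checks described above can be automated in a mail gateway or proxy. The following is an added example, not code from the article or from Cofense: it tests whether a link's real host and a certificate's names belong to `microsoftonline.com`. The sample URLs, the `auth-portal.example` host and both certificate dicts are constructed for illustration, and the certificate is assumed to have already passed normal chain validation.

```python
from urllib.parse import urlsplit

# From the article's quote: the name the legitimate certificate carries.
EXPECTED_DOMAIN = "microsoftonline.com"

# Constructed samples (not from the report); the proxy uses a reserved .example name.
SAMPLE_URLS = [
    "https://login.microsoftonline.com/",
    "https://login.microsoftonline.com.auth-portal.example/",
    "https://login.microsoftonline.com@auth-portal.example/",
    "http://login.microsoftonline.com/",
]
# Constructed dicts in the shape returned by ssl.SSLSocket.getpeercert().
LEGIT_CERT = {"subject": ((("commonName", "microsoftonline.com"),),),
              "subjectAltName": (("DNS", "*.microsoftonline.com"),)}
PROXY_CERT = {"subject": ((("commonName", "auth-portal.example"),),),
              "subjectAltName": (("DNS", "auth-portal.example"),)}


def host_matches(host, domain=EXPECTED_DOMAIN):
    """True only for the domain itself or a genuine subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def url_is_expected(url, domain=EXPECTED_DOMAIN):
    """Judge the host the browser would really connect to, over HTTPS only."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and port, both used to disguise the host.
    return parts.scheme == "https" and bool(parts.hostname) and host_matches(parts.hostname, domain)


def cert_names(cert):
    """Collect DNS SAN entries and subject common names from the cert dict."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    for rdn in cert.get("subject", ()):
        names += [value for key, value in rdn if key == "commonName"]
    return names


def cert_is_expected(cert, domain=EXPECTED_DOMAIN):
    """A certificate can be valid and still be issued to an unrelated name."""
    stripped = [n[2:] if n.startswith("*.") else n for n in cert_names(cert)]
    return any(host_matches(n, domain) for n in stripped)


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url_is_expected(url), url)
    print(cert_is_expected(LEGIT_CERT), cert_is_expected(PROXY_CERT))
```

Only the first sample URL passes: the second and third merely contain the expected name as a prefix or as a `user@` decoy, and the fourth is not HTTPS.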

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
