Subj : TikTok links are being used to hijack Microsoft accounts
To   : All
From : TechnologyDaily
Date : Thu Sep 26 2024 20:45:06

TikTok links are being used to hijack Microsoft accounts

Date:
Thu, 26 Sep 2024 19:31:00 +0000

Description:
Dont let hackers steal your Microsoft 365 credentials with this lame attack.

FULL STORY
======================================================================

Hackers are using TikTok in new phishing attacks as they attempt to steal 
peoples Microsoft Office 365 credentials, a new report from Cofense has 
warned. 

The company's researchers detected someone sending out phishing emails 
threatening victims that all of their emails will be deleted unless they 
press a button. Whats new about this campaign is that the button actually 
leads to TikTok. 

To make the attack work, the attackers employ TikTok URLs. A TikTok URL 
usually appears in the bios of a profile that has links to external websites, 
the researchers explained - so therefore, the TikTok URL can redirect the 
visitor to whatever site the profile holder chooses. Spotting the scam 

If the phishing email recipient does not spot the trick and clicks the button 
in the message, they will be sent through a number of redirects, ultimately 
landing on a web page that looks like a Microsoft 365 login site, with the 
company logo and all. The malicious site even autofills the users email 
address in order to improve legitimacy. 

However, since this is a fake website, controlled by the attackers, any 
information - including passwords - submitted there, go straight to the 
hackers. 

The use of TikTok URLs may be novel, but the overall methodology does not 
differ much from what were used to seeing. The email still comes from a 
completely unrelated domain. It is still full of grammar and spelling 
mistakes. Finally, the URL of the landing page does not even come close to 
resembling a Microsoft domain. 

Therefore, spotting the attack should not be too difficult - it only takes 
being a little mindful of the emails coming in, and not trusting everything 
in the inbox. More from TechRadar Pro An ID verification service for TikTok, 
Uber and X reportedly left its credentials open for a year Here's a list of 
the best firewalls around today These are the best endpoint security tools 
right now



======================================================================
Link to news story:
https://www.techradar.com/pro/security/tiktok-links-are-being-used-to-hijack-m
icrosoft-accounts


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.