Phishing Campaign Takes Different Tactic With Similar Outcome
When phishers attack users, they typically try to steal your credentials – your userid and password. If you are one of the small percentage of users that religiously use two factor authentication (Google says that 90% of GMail users do not use two factor authentication), these password thefts do not help a hacker unless they can figure out a way to compromise that second factor too. Since the vast majority of people don’t use two factor, if the hackers do get your password, then they are in and can steal your data.
But what if – just sayin – that you change your password?
I know. I know. You are saying that you haven’t changed your email password in 37 years. But just say that you do. Maybe you think the password was compromised. That means that the hacker has lost access to your information.
Hackers have come up with another technique that will actually survive you changing your password.
Here is how it works.
The hacker gets you to click on a link and the link takes you to the legitimate Microsoft (or Google) login page. With one tweak.
If you look at the URL, there is a redirect with a request for permissions.
You enter your credentials and you are redirected to a hacker’s site which now asks for permissions to access your mail and contacts, etc.
If you accept this (and you might because you just came from the real [Microsoft or Google] login screen), the hacker now has access to your stuff.
Even if you change your password the hacker will still have access to your stuff.
The only way to turn this off would be to look at your permissions page to see what apps or websites you have granted access to your stuff.
This means that you have to be VERY CAREFUL when you see a permissions request screen to look at the URL that is asking. Of course, you may or may not understand the URL. In this case it was an Office 365 attack and the hacker’s domain was Officemtr.com . That is close enough that it probably seems legit.
Which the hacker is counting on.
Consider yourself warned. Source: Brian Krebs