Recently, the US military attacked and killed Iranian military chief Qasem Soleimani, forcing Iran to announce revenge. Many reports predicted that Iran would launch a cyber-attack on the US as part of its retaliation. Truly, a number of websites were attacked globally with images and slogans declaring support to the killed military chief. Hackers have also been revealed to have taken advantage of the cyber-threat to obtain Microsoft password of people by using the Iranian cyber-attack to convince them to open a malicious link through email according to a report.
In the latest hacking scheme, the threat actors seem to be impersonating Microsoft to improve the credibility of their email to stand a better chance of getting anyone opening them. They send an email to targets with the subject line “Email Users Hit By Iran Cyber-attack” appearing to have been sent by the Microsoft MSA. The body of the email informs users that Microsoft has been hit by an Iranian Cyber-attack forcing the company to take security measures by locking users out of their accounts. This is obviously an attempt to steal their login information and finally take over their identity.
Image Source: www.fossbytes.com
It has been said that hackers are no magicians. The success of their campaign depends on the reaction of the target. Most people do not devote time to do their personal checks to confirm the claims made in the emails. A company like Microsoft would have its data breach news reported by all the major news outlets. For anyone to stay safe from cyber-attackers in 2020, it is recommended that they verify the authenticity of an email before they open any link found within. The same advice can be considered when visiting an unsecured website.
It is widely believed that Outlook Spam Filters will be enough to protect any malicious email from landing in your Inbox. This is not always true. The latest campaign using the tension between Iran and the US to launch a phishing attack is capable of bypassing the Outlook Spam Filters as witnessed by one of the targets. Below the body of the email is “Restore Data” containing a phishing link to send all sensitive information to the hackers. Targets who quickly believe in the contents of the email, and click on the “Restore Data” are taken to a fake website looking like a genuine Microsoft page. This page will ask targets to log into their Microsoft accounts, and once they enter their Microsoft password, they will be redirected to a different page. This becomes more serious when people use their Microsoft password on other websites as well.
Hackers can use these data to access your information on other platforms and sell them on the dark web. It is advised that if you try to log into your account using a referral link, and you are led to an error page, consider changing your Microsoft password as soon as possible as you may have fallen into the trap of threat actors.
To be able to avoid falling for the deceptive stories conjured by hackers, always check for spelling mistakes and grammatical errors in their emails as most of their messages are poorly written. Also, avoid using the same Microsoft password for multiple websites as hackers would access all your accounts if they manage to obtain your email password.
Image Source: www.businessinsider.com
Avoid opening suspicious emails and do not download any untrusted attachment. Most hackers insert malicious links or attachments in emails. If the email is from your service provider, and you find it questionable, try logging in by reentering the website’s URL in your browser instead of clicking on the inserted link in the email. Never reply to an email asking for your personal information. Finally, always enter the subject line of any suspicious email in your browser and add “hoax” to see if any other person has reported this incident.
A lot of techniques used by hackers are not new. Most of their approaches to lure you to obtain your personal Microsoft password has been launched on other people, and its more likely that other targets have reported it on any of the online forums.
To protect your email users, inform them about the unauthorized access of your email account before hackers use your account to make more victims. Hackers do not always have to use sophisticated tools and potent malware to infect your system to encrypt your files. Most of them find interest in luring you out of your email account as part of their cyber-attack strategy to redirect you to a malicious website to obtain your Microsoft Password without your knowledge.
Disclaimer: Darkweblink.com does not promote or endorse claims that have been made by any parties in this article. The information provided here is for the general purpose only and unintended to promote or support purchasing and/or selling of any products and services or serve as a recommendation in the involvement of doing so. Neither Darkweblink.com nor any member is responsible directly or indirectly for any loss or damage caused or alleged to be caused by or in relation to the reliance on or usage of any content, goods or services mentioned in this article.