According to reporting from Bleeping Computer, bad actors—who are believed to be Russians pretending to be European political officials or diplomats—are contacting employees of organizations working on issues related to Ukraine and human rights. The end goal is to trick targets into clicking an OAuth phishing link leading them to authenticate their Microsoft 365 credentials.
This attack typically begins with targets receiving a message via Signal or WhatsApp from a user posing as a political official or diplomat with an invitation to a video call or conference to discuss issues related to Ukraine.
Once a thread is established, bad actors send victims PDF instructions along with an OAuth phishing URL. When clicked, the user is prompted to log into Microsoft and third-party apps that utilize Microsoft 365 OAuth and redirected to a landing page with an authentication code, which they are told to share in order to enter the meeting. This code, which is valid for 60 days, gives attackers access to email and other Microsoft 365 resources, even if victims change their passwords.
How to spot the Microsoft 365 OAuth attack
Users should also be wary of social engineering tactics that play on human psychology to successfully carry out phishing and other types of cyber attacks. Examples include messages that are unusual or out of character—especially for a sender you know or trust—communication that prompts an emotional response (like fear or curiosity), and requests that are urgent or offers that are too good to be true.
A social engineering explainer from CSO advises a "zero-trust mindset" as well as watching out for common signs like grammar and spelling mistakes and instructions to click links or open attachments. Screenshots of the Signal and WhatsApp messages shared by Volexity show small errors that give them away as potentially fraudulent.
Read More Details
Finally We wish PressBee provided you with enough information of ( This Cyber Attack Targets Microsoft 365 Accounts )
Also on site :