
Microsoft Device Code Phishing - EvilTokens Kit Discovered

SC Media
Tags: Microsoft, EvilTokens, Augmented Marauder, phishing, business email compromise

Basically, a new phishing tool tricks people into giving away their Microsoft account access.

Quick Summary

A global phishing campaign is exploiting Microsoft's device code system using the EvilTokens kit. Organizations are at risk of losing sensitive data as attackers gain access to accounts. Vigilance and security measures are crucial to thwart these threats.

What Happened

A global phishing campaign has emerged, targeting Microsoft accounts through a new kit known as EvilTokens. This sophisticated attack has affected organizations across various countries, including the U.S., Canada, France, Australia, India, Switzerland, and the UAE. The attackers use deceptive emails that appear to contain legitimate financial documents, luring victims into clicking links that lead to fake login pages.

How It Works

The EvilTokens phishing kit operates by sending emails that contain links to spoofed websites. These sites mimic trusted services and display a verification code. Victims are prompted to click a "Continue to Microsoft" button, which redirects them to a legitimate Microsoft login page. Here, they are tricked into entering a device code, which grants attackers access to temporary access tokens and refresh tokens.

Who's Being Targeted

The primary targets of this phishing scheme are organizations and individuals who use Microsoft accounts. The attackers have shown a particular interest in businesses, as the kit also facilitates business email compromise (BEC) attacks. This makes it critical for companies to be aware of the risks associated with such phishing attempts.

Signs of Infection

Victims may notice unusual activity in their Microsoft accounts following a successful phishing attempt. This includes unauthorized access to emails, files, and Microsoft Teams information. If users receive unexpected emails requesting verification or login details, they should be cautious.

How to Protect Yourself

To safeguard against these phishing attacks, users should:

  • Verify email sources before clicking on links or downloading attachments.
  • Enable multi-factor authentication (MFA) on their Microsoft accounts to add an extra layer of security.
  • Educate employees about recognizing phishing attempts and the importance of reporting suspicious emails.
  • Regularly monitor account activity for any unauthorized access.
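One way to carry out the account-activity monitoring above for the device code flow described under How It Works, as an added example that is not from the original article. The records are constructed, the field names are assumed to follow an Entra ID sign-in log export, and `allowed_users` is a hypothetical list of accounts with a legitimate need for device code sign-in.

```python
import json
from collections import defaultdict

# Constructed sign-in records (not real logs). Field names are assumed to follow
# an Entra ID sign-in log export; map them to your own schema.
SAMPLE_LOG = """
{"createdDateTime":"2025-01-06T08:01:00Z","userPrincipalName":"amy@example.com","authenticationProtocol":"none","ipAddress":"198.51.100.10","location":{"countryOrRegion":"US"},"status":{"errorCode":0}}
{"createdDateTime":"2025-01-06T08:05:00Z","userPrincipalName":"bob@example.com","authenticationProtocol":"none","ipAddress":"198.51.100.20","location":{"countryOrRegion":"FR"},"status":{"errorCode":0}}
{"createdDateTime":"2025-01-06T09:30:00Z","userPrincipalName":"amy@example.com","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.7","location":{"countryOrRegion":"NL"},"status":{"errorCode":0}}
{"createdDateTime":"2025-01-06T09:45:00Z","userPrincipalName":"amy@example.com","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.7","location":{"countryOrRegion":"NL"},"status":{"errorCode":1}}
{"createdDateTime":"2025-01-06T10:00:00Z","userPrincipalName":"bob@example.com","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.20","location":{"countryOrRegion":"FR"},"status":{"errorCode":0}}
{"createdDateTime":"2025-01-06T10:15:00Z","userPrincipalName":"kiosk@example.com","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.30","location":{"countryOrRegion":"US"},"status":{"errorCode":0}}
"""

def load_records(text):
    """Parse one JSON sign-in record per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_device_code_signins(records, allowed_users=frozenset()):
    """Flag successful device code sign-ins; 'high' if from a country the user
    has not used in ordinary sign-ins, otherwise 'medium'."""
    usual_countries = defaultdict(set)  # built only from non-device-code sign-ins
    alerts = []
    for rec in sorted(records, key=lambda r: r["createdDateTime"]):
        if rec.get("status", {}).get("errorCode") != 0:
            continue  # failed attempts issue no tokens
        user = rec["userPrincipalName"].lower()
        country = rec.get("location", {}).get("countryOrRegion", "")
        if rec.get("authenticationProtocol") != "deviceCode":
            usual_countries[user].add(country)
            continue
        if user in allowed_users:
            continue  # hypothetical allow-list, e.g. shared input-limited devices
        severity = "medium" if country in usual_countries[user] else "high"
        alerts.append({"time": rec["createdDateTime"], "user": user,
                       "ip": rec.get("ipAddress"), "country": country,
                       "severity": severity})
    return alerts

if __name__ == "__main__":
    hits = find_device_code_signins(load_records(SAMPLE_LOG),
                                    allowed_users={"kiosk@example.com"})
    for hit in hits:
        print(hit)
```

A "medium" hit still deserves review: the victim signs in on the genuine Microsoft page, so the country can match their normal one even when the tokens go to someone else.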

What to Watch

As the EvilTokens kit gains traction, it is likely that more phishing campaigns will emerge, utilizing similar tactics. Organizations should stay informed about evolving phishing techniques and continuously update their security measures. Additionally, keeping an eye on threat intelligence reports can help in identifying new threats early on.

🔒 Pro insight: The EvilTokens phishing kit exemplifies the increasing sophistication of phishing-as-a-service models, necessitating enhanced security awareness and training.

Original article from SC Media
