Forbes reported:
This is where these 2SP cyber attacks get really clever, although I hate applying that word to cybercriminals. “To access the embedded URL, victims are instructed to hold down the Ctrl key and click,” the Perception Point researchers said, “a subtle yet highly effective action designed to evade email security scanners and automated detection tools.”
By asking for this human interaction, the attackers hope to bypass automated systems that don’t expect such a behavior in an attack.
The victim is now redirected to another fake page, this time one that looks for all intents and purposes to be a Microsoft 365 portal login page which is designed, of course, to steal user credentials.
By asking for this human interaction, the attackers hope to bypass automated systems that don’t expect such a behavior in an attack.
The victim is now redirected to another fake page, this time one that looks for all intents and purposes to be a Microsoft 365 portal login page which is designed, of course, to steal user credentials.
Find the original article here.
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat