Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11New phishing tool targets Microsoft 365 and Gmail accounts
A new phishing toolkit called Tycoon 2FA that is capable of tricking and taking over even well-protected accounts is targeting Microsoft 365 and Gmail accounts.
Although two-factor authentication (2FA) is considered a safe security method, a new set of phishing tools can bypass this layer of security and threaten accounts.
The security research team at Sekoia Threat Detection & Research said that the Tycoon 2FA toolkit uses the "Adversary-in-the-Middle" Phishing toolkit to deceive users, acting as a platform. Popular Phishing-as-a-Service (PhaaS) platform on private Telegram channels.
The attacker will send the user an email containing a QR code or a link to a fake website. When the victim interacts with the link or QR code, the website triggers Cloudflare security checks. Users tend to ignore this because it is quite common nowadays.
The victim will then be directed to a fake Microsoft page asking to enter login information. If the victim complies, the bad guys will steal the login name and password. Tycoon 2FA will then display a fake 2FA page, asking to verify the user's identity.
According to researchers, to bypass security measures, criminals will intercept and keep 2FA tokens. This login cookie will be stolen and can be reused at any time, easily bypassing the account's 2FA protection.
Experts warn users to keep a few things in mind to protect themselves from phishing attacks.
- Be careful with unfamiliar emails: Do not click on any links or QR codes in unfamiliar emails.
- Double check the website address: Before entering your login information, double check that the website address matches the official Microsoft website or Gmail.
- Use strong passwords: Use strong and different passwords for each account. You should change your password regularly.
- Enabling two-factor authentication (2FA) helps protect accounts even if an attacker gets hold of the password.
- Always update anti-virus and security software on your device.
Jessica TannerYou should read it
- Secure Gmail with 2-layer password
- Google uses machine learning for new security features on Gmail
- [Infographic] 4 types of Phishing are easy to trap users
- Instructions for adding recovery email to Gmail
- Microsoft account enhances two-layer security
- New phishing toolkit discovered that makes it easy to create fake Chrome browser windows
- How to check the login activity of Gmail
- Comprehensive Gmail security guide
May be interested
- 9 brain exercises to help enhance memory and concentration
engaging in brain training exercises can enhance mental agility and help your brain stay focused and resilient. below are some carefully researched exercises and games for your reference. - Germany and France break through in developing MGCS tanks 'stronger than Armata'germany and france have signed a 'groundbreaking agreement' on the development of a new generation european tank - mgcs, which is expected to replace the leopard 2 and leclerc.
- The US laser weapons program went up in smokeaccording to war zone, the us airborne high-power laser weapons program has gone up in smoke.
- Will Netflix bring games to smart TVs and iPhones as controllers?netflix is currently making efforts to expand the experience for gamers when expanding its video game platform to smart tvs.
- Will Google weather the legal storm?billions of records containing personal information collected from more than 136 million chrome users in the us will be deleted by google. this is part of an agreement to settle a lawsuit accusing google of illegal user surveillance.
- The White House makes a final push for an internet subsidy program for 23 million American householdsthe white house plans to continue efforts to persuade congress to extend an internet subsidy program used by 23 million american households, just weeks before the program runs out of money, according to reuters news agency.
Russian Hacker is using Google's own infrastructure to hack Gmail users
Merge multiple accounts in one Gmail mailbox
Microsoft shows how to avoid trapping phishing
2.5 billion Gmail users need to be vigilant and follow these things![Photo of [Infographic] 4 types of Phishing are easy to trap users](https://tipsmake.com/data/thumbs_80x80/[infographic]-4-types-of-phishing-are-easy-to-trap-users_thumbs_80x80_q5IK2um5z.jpg)
[Infographic] 4 types of Phishing are easy to trap users