Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11New phishing tool targets Microsoft 365 and Gmail accounts
A new phishing toolkit called Tycoon 2FA that is capable of tricking and taking over even well-protected accounts is targeting Microsoft 365 and Gmail accounts.
Although two-factor authentication (2FA) is considered a safe security method, a new set of phishing tools can bypass this layer of security and threaten accounts.
New phishing tool targets Microsoft 365 and Gmail accounts Picture 1
The security research team at Sekoia Threat Detection & Research said that the Tycoon 2FA toolkit uses the "Adversary-in-the-Middle" Phishing toolkit to deceive users, acting as a platform. Popular Phishing-as-a-Service (PhaaS) platform on private Telegram channels.
The attacker will send the user an email containing a QR code or a link to a fake website. When the victim interacts with the link or QR code, the website triggers Cloudflare security checks. Users tend to ignore this because it is quite common nowadays.
The victim will then be directed to a fake Microsoft page asking to enter login information. If the victim complies, the bad guys will steal the login name and password. Tycoon 2FA will then display a fake 2FA page, asking to verify the user's identity.
According to researchers, to bypass security measures, criminals will intercept and keep 2FA tokens. This login cookie will be stolen and can be reused at any time, easily bypassing the account's 2FA protection.
Experts warn users to keep a few things in mind to protect themselves from phishing attacks.
- Be careful with unfamiliar emails: Do not click on any links or QR codes in unfamiliar emails.
- Double check the website address: Before entering your login information, double check that the website address matches the official Microsoft website or Gmail.
- Use strong passwords: Use strong and different passwords for each account. You should change your password regularly.
- Enabling two-factor authentication (2FA) helps protect accounts even if an attacker gets hold of the password.
- Always update anti-virus and security software on your device.
Jessica TannerYou should read it
- How to secure Google information from the Google Docs attack?
- Microsoft shows how to avoid trapping phishing
- Secure Gmail with 2-layer password
- Google uses machine learning for new security features on Gmail
- [Infographic] 4 types of Phishing are easy to trap users
- Instructions for adding recovery email to Gmail
- Microsoft account enhances two-layer security
- New phishing toolkit discovered that makes it easy to create fake Chrome browser windows
- How to check the login activity of Gmail
- Comprehensive Gmail security guide
- How to hack Gmail's two-step authentication
- The Gmail application on the new iPhone has an extra important security feature
Maybe you are interested
Should I buy a USB, Bluetooth or NFC security key?
4 Security Steps to Follow When Using Remote Access Applications
Series of DrayTek router models have security holes
If you have an AMD CPU, install this important security update!
Roundup of new Chrome features and security updates
Google releases emergency security patch, fixes 4 security flaws on Chrome
Tech info
9 brain exercises to help enhance memory and concentration- Germany and France break through in developing MGCS tanks 'stronger than Armata'
- The US laser weapons program went up in smoke
- Will Netflix bring games to smart TVs and iPhones as controllers?
- Will Google weather the legal storm?
- The White House makes a final push for an internet subsidy program for 23 million American households
9 brain exercises to help enhance memory and concentration
Germany and France break through in developing MGCS tanks 'stronger than Armata'
The US laser weapons program went up in smoke
Will Netflix bring games to smart TVs and iPhones as controllers?
Will Google weather the legal storm?
The White House makes a final push for an internet subsidy program for 23 million American households