New phishing tool targets Microsoft 365 and Gmail accounts
A new phishing toolkit called Tycoon 2FA, capable of tricking users and taking over even well-protected accounts, is targeting Microsoft 365 and Gmail accounts.
Although two-factor authentication (2FA) is considered a safe security method, a new set of phishing tools can bypass this layer of security and threaten accounts.
The Sekoia Threat Detection & Research team said that Tycoon 2FA is an "Adversary-in-the-Middle" phishing toolkit that deceives users, acting as a popular Phishing-as-a-Service (PhaaS) platform on private Telegram channels.
The attacker will send the user an email containing a QR code or a link to a fake website. When the victim interacts with the link or QR code, the website triggers Cloudflare security checks. Users tend to ignore this because it is quite common nowadays.
The victim will then be directed to a fake Microsoft page asking them to enter their login information. If the victim complies, the bad guys will steal the login name and password. Tycoon 2FA will then display a fake 2FA page, asking the user to verify their identity.
According to researchers, to bypass security measures, the criminals intercept and keep the 2FA tokens. The stolen login cookie can be reused at any time, easily bypassing the account's 2FA protection.
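On the defender's side, the cookie reuse described above shows up as one session being used from more than one client. The following is an added example, not code from the article or from Sekoia: it scans constructed sign-in events for a session whose IP address and browser both change after the first event. The field names and the `find_replayed_sessions` helper are assumptions to be mapped onto whatever your identity provider's sign-in log records.

```python
from collections import namedtuple

# Constructed sample sign-in events, not real logs. The field names are
# assumptions; map them to what your identity provider's sign-in log exposes.
Event = namedtuple("Event", "time user session_id ip user_agent mfa_done")

SAMPLE_EVENTS = [
    Event("2024-04-02T09:01:10Z", "alice@example.com", "sess-A1",
          "198.51.100.20", "Chrome/123 Windows", True),
    Event("2024-04-02T09:05:42Z", "alice@example.com", "sess-A1",
          "198.51.100.20", "Chrome/123 Windows", False),
    Event("2024-04-02T11:30:03Z", "alice@example.com", "sess-A1",
          "203.0.113.77", "Firefox/124 Linux", False),
    Event("2024-04-02T09:15:00Z", "bob@example.com", "sess-B7",
          "192.0.2.14", "Safari/17 macOS", True),
    Event("2024-04-02T10:15:00Z", "bob@example.com", "sess-B7",
          "192.0.2.14", "Safari/17 macOS", False),
]


def find_replayed_sessions(events):
    """Flag sessions later used by a different client than the one first seen."""
    first_seen = {}  # session_id -> (ip, user_agent) of the earliest event
    alerts = []
    for ev in sorted(events, key=lambda e: e.time):  # ISO 8601 UTC sorts as text
        if ev.session_id not in first_seen:
            first_seen[ev.session_id] = (ev.ip, ev.user_agent)
            if not ev.mfa_done:
                # Token in use although the log holds no 2FA step for it.
                alerts.append((ev.user, ev.session_id, "no-2fa-on-record", ev.time))
            continue
        ip, agent = first_seen[ev.session_id]
        changed = (ev.ip != ip) + (ev.user_agent != agent)
        if changed == 2:
            # New network and new browser on a live session: likely cookie reuse.
            alerts.append((ev.user, ev.session_id, "high", ev.time))
        elif changed == 1:
            # Only one attribute moved (roaming, browser update): lower priority.
            alerts.append((ev.user, ev.session_id, "low", ev.time))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print(alert)
```

A "high" alert is a reason to revoke the user's active sessions, since changing the password alone does not invalidate a cookie that has already been issued.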
Experts warn users to keep a few things in mind to protect themselves from phishing attacks.
- Be careful with unfamiliar emails: Do not click on any links or QR codes in unfamiliar emails.
- Double check the website address: Before entering your login information, double check that the website address matches the official Microsoft website or Gmail.
- Use strong passwords: Use strong and different passwords for each account. You should change your password regularly.
- Enable two-factor authentication (2FA): It helps protect accounts even if an attacker gets hold of the password.
- Always update anti-virus and security software on your device.