[et_pb_section fb_built=”1″ _builder_version=”4.9.4″ _module_preset=”default”][et_pb_row column_structure=”2_5,3_5″ _builder_version=”4.9.4″ _module_preset=”default”][et_pb_column type=”2_5″ _builder_version=”4.9.4″ _module_preset=”default”][et_pb_image src=”http:\/\/kinetics.co.nz\/wp-content\/uploads\/2021\/08\/Aug21Phishing.jpg” title_text=”Aug21Phishing” url=”https:\/\/twitter.com\/MsftSecIntel\/status\/1421232634357714947?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1421232634357714947%7Ctwgr%5E%7Ctwcon%5Es1_” url_new_window=”on” _builder_version=”4.9.4″ _module_preset=”default”][\/et_pb_image][et_pb_image src=”http:\/\/kinetics.co.nz\/wp-content\/uploads\/2021\/08\/Aug21bPhishing.jpg” title_text=”Aug21bPhishing” url=”https:\/\/twitter.com\/MsftSecIntel\/status\/1421232635502682118?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1421232638992347139%7Ctwgr%5E%7Ctwcon%5Es2_” url_new_window=”on” _builder_version=”4.9.4″ _module_preset=”default”][\/et_pb_image][\/et_pb_column][et_pb_column type=”3_5″ _builder_version=”4.9.4″ _module_preset=”default”][et_pb_text _builder_version=”4.9.4″ _module_preset=”default”]<\/p>\n
“Typosquatting” is the name given to criminals pretending to be someone they aren’t – taking a domain name that uses a clever combination of legitimate-looking original sender email addresses, with spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.\u00a0 The hackers are starting to host some of their platforms on Microsoft and Google to further add to the sense of authenticity.\u00a0\u00a0<\/p>\n
These are highly compelling when they mimic organisations that you typically expect to receive emails from and would normally trust.\u00a0 We’ve seen examples where the supposed shared document is something you might normally take a look at – OneDrive, SharePoint, Teams or Google drive links to files with names like “Staff Reports”, “Performance Bonus” or “Price List”.\u00a0<\/p>\n
If you click on the link they will take you to a fake login page.\u00a0 These fakes are very high quality, and of course, we’re all so used to logging in to 365 or Google that most of us will simply type in their credentials.\u00a0 Once yo do that, the hacker has got you.\u00a0\u00a0<\/p>\n
Hopefully you have turned on MFA. Multi-factor authentication makes it harder for the hacker to get to your data, but not impossible.\u00a0 \u00a0The simplest thing they can do is have their fake website immediately apply your credentials an try to log in as you.\u00a0 If they see an MFA prompt, then they will ask you for your code,\u00a0 \u00a0or have your mobile app prompt you to approve the login.\u00a0 At least you have had a moment to think about it though.<\/p>\n
The best defenses are :<\/p>\n
Some clues have emerged from the current attack.\u00a0 Look out for words like ‘referral’ or ‘reminder – x shared this without 7 days ago’<\/p>\n
Remember, we’re more vulnerable than normal when working from home, when we can’t check these as easily.<\/strong><\/p>\n <\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" “Typosquatting” is the name given to criminals pretending to be someone they aren’t – taking a domain name that uses a clever combination of legitimate-looking original sender email addresses, with spoofed display sender addresses that contain the target usernames and domains, and display names that mimic legitimate services to try and slip through email filters.\u00a0 […]<\/p>\n","protected":false},"author":5,"featured_media":7778,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4,5],"tags":[],"class_list":["post-7777","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-security"],"_links":{"self":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/7777","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7777"}],"version-history":[{"count":0,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/wp\/v2\/posts\/7777\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=\/"}],"wp:attachment":[{"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7777"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7777"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/new.kinetics.co.nz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7777"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}