Hackers have found a way to log into your Microsoft email account

Account holders for Microsoft email services are being targeted in a phishing campaign, according to security researchers from Zscaler’s ThreatLabz group.

The objective behind the threat actors’ efforts is believed to be the breaching of corporate accounts in order to perform business email compromise (BEC) attacks.

Stock Depot/Getty Images

As reported by Bleeping Computer, BEC-based activity would see payments being redirected toward hackers’ bank accounts via the use of forged documents.

Zscaler, a cloud security company, said that targets were involved in various industries, such as fin-tech, lending, accounting, insurance, and Federal Credit Union organizations based in the U.S., U.K., New Zealand, and Australia.

At the moment, it seems the campaign has yet to be properly addressed by Microsoft, with new phishing domains being published nearly every day.

The campaign was originally detected in June 2022, with analysts observing a sudden rise in phishing attempts against the aforementioned industries, in addition to account holders of Microsoft email services.

Threat actors would incorporate links to the emails as buttons or HTML files that would redirect the target to a phishing page. Bleeping Computer points out how certain platforms don’t see open redirects as a vulnerability, which has led to these malicious redirects going through Google Ads, Snapchat, and DoubleClick.

Businesses and individuals are increasingly turning to multifactor authentication to secure their accounts. As such, obtaining a login email and password nowadays won’t provide anything of value to hackers.

Custom phishing kits and reverse proxies like Evilginx2, Muraena, and Modilshka have now come into play to bypass an MFA-enabled account.

A phishing proxy that essentially acts as a middle man between the victim and email provider service is capable of extracting the authentication cookies. Through this method, hackers can use the stolen cookies to log in and completely evade MFA for an account.

For this particular campaign, a custom proxy-based phishing kit was found utilizing the Beautiful Soup HTML and XML parsing tool, which amends actual login pages derived from corporate logins in order to incorporate phishing components.

Cyberattacks in general have nearly doubled since last year, while Microsoft itself started an initiative to tackle the rapid rise of cybercrime with its Security Experts program.

Related posts

Latest posts

The back of this phone changes color, but something else makes it excellent

The back of the Realme 14 Pro Plus changes color with the temperature. It's a fun feature, but I found something else that makes it worth buying.

What is RedNote? Everything you need to know about the TikTok alternative

TikTok could soon be removed from the U.S. market. Should you switch to RedNote instead? Let's take a look.

Apple’s 2024 ended well, but AI trouble is on the horizon

Apple closed 2024 as the top brand in smartphone shipments, but it wasn't all good news, as it faces serious problems in another key market.

I tried a 3D smartphone from the future

3D phones have come and gone. In 2025, Leia wants to bring them back and make them a staple of the future.

Nvidia may soon bid farewell to its most popular GPU

As the RTX 50-series is right around the corner, it's almost time to bid farewell to some of Nvidia's most popular GPUs.

This small gadget can clone your voice and help you speak a new language

Have you ever wanted a small device that can clone your voice and help you speak a new language? Vasco created one, and I tried it at this year's CES.

Google is testing a feature that will let AI hide away internet pop-ups

This upcoming Chrome feature could make internet popups considerably less annoying. Let's hope it works.

Incredible research shows wearables help detect chronic health issues

According to new research, wearables like an Apple Watch or an Oura smart ring can detect the symptoms and predict flare-ups of chronic bowel inflammatory woes.

This $200 phone has the solution to all of our smartphone battery life problems

Modern smartphone battery life is good, but most phones still need to be charged after a day or two. A new phone from TCL is bucking that trend.

See the next ‘world’s thinnest folding flagship’ phone before its announced

The Oppo Find N5/OnePlus Open 2 is all set to become the world's thinnest big-screen folding phone, and we've got a look at it ahead of announcement.