How To Enable Gaming Mode on Android 12

Back in Februry, folks at XDA had spotted an unreleased Gaming Dashboard in the works for Android 12. But up until now, there were no clear...

Tuesday

Office 365 users at risk as phishing campaign uses Kaspersky’s stolen Amazon SES token

Posted by   on





Don Sharpe

by Don Sharpe

Author




Don has been writing professionally for over 10 years now, but his passion for the written word started back in his elementary school days. His work has been published on Livebitcoinnews.com, Learnbonds.com, eHow, AskMen.com,… Read more






  • Kaspersky has issued a statement that there is a phishing campaign targeting Office 365 users.

  • The phishing campaign is through the Amazon Simple Email Service (SES) token.

  • An email from an official Kaspersky account was used in the phishing campaign.



Cybercriminals seem to be having a field day with the number of phishing campaigns reported lately. Kaspersky makes the list as the latest entrant in these attacks. 


Microsoft had a similar phishing campaign attack a few months ago with the criminals thirsty for credentials.


Kaspersky security experts have detected phishing attempts that target Office 365 users through the Amazon SES. 


The Amazon SES is an email service that allows developers to send emails from any app for different cases.


Servers are safe


The phishing campaign is not linked to one individual as it seems it is a multi-criminal attack. Two phishing campaign kits appear to have been used, namely Iamtheboss and another named MIRCBOOT.


The servers have not been compromised, as the SES token was revoked immediately after the phishing attacks were discovered.


Sourcing for credentials


The cybercriminals made an attempt by camouflaging the phishing messages and redirecting users to the phishing landing pages. The aim was to harvest the victims’ Microsoft credentials.


The cybercriminals used an official Kaspersky email through the Amazon Web Services infrastructure.


This enabled them to easily bypass Secure Email Gateway (SEGs) protections and access the victims’ mailboxes.


Users to stay vigilant


Although no servers were compromised or malicious activities were detected, Kaspersky advises its users to be extra vigilant and cautious when asked for their credentials.


If you are unsure where the emails are coming from, you can verify the sender’s identity on Kaspersky’s blog.


What are some of the tips you use to protect yourself from cyber-attacks? Share with us in the comment section below.




No comments:
Write Comments

Hello Friends, welcome to autobloginc.blogspot.com we Hope You'll like it - COntact US
!!THANK YOU FOR YOUR SUPPORT!!