How to avoid the phishing attack hacks your Hotmail account

Without a doubt, Phishing attacks are a major problem that can put the security of users at risk. They are widely used to steal passwords and personal data. Cybercriminals use different strategies and one of them is to send an email. In this article we echo how a new Phishing attack is able to bypass two-factor authentication and affect Microsoft email users. Therefore, if you use Hotmail you may be in danger.

Phishing attack against Hotmail accounts

avoid the phishing attack hacks your Hotmail account

A Phishing attack uses a bait, a trick, to get us to click on a link. For example, they can say that there is a problem with the account, that we must update data, etc. When we click on that link, we are not actually going to the official site, but we are entering a fake page, created to steal data. Upon login, the victim sends the password to the attacker.

But in this case we are facing an attack that goes a little further. According to security researchers at Zscaler, they have discovered a campaign that targets Microsoft emails and uses a technique called AiTM to bypass multi-factor authentication. What this type of technique does is avoid having to put that second step to enter.

What two-factor authentication does is create an extra layer of protection. Beyond a password, for example to enter the mail we have to put a code that we receive by SMS. But of course, if hackers manage to skip that step, simply by knowing the access key they could get in.

It all starts with an e-mail sent to the victim. That’s the key of everything. If the user falls for the trap and interacts with that email, the attack begins. You have to click and continue the process. But the difference is that this type of AiTM technique allows the attacker to stand between the user’s device and the target service. It acts as a proxy. This way you can steal session cookies and you don’t have to re-validate the account when you log in, so you don’t have to put in that second step.

Extensiones anti Phishing

What to do to avoid this attack

As you can see, Phishing attacks are becoming more sophisticated and can also break multi-factor authentication. However, the security measures you should take are basically the same as always: common sense and avoid making mistakes. This is the main thing. Do not click or log in from unknown links that come to you by email.

It is also a good idea to have security programs . Although an antivirus by itself may not help you protect yourself from Phishing, in the event that you download a file that could be dangerous, it would help you detect and eliminate it before it is too late.

Also, keeping your computer up-to-date properly can help and be very helpful. You will be able to correct possible vulnerabilities that may exist and thus prevent hackers from exploiting them.

In short, Phishing is a major problem and it is convenient to know when a link is dangerous. That will help you avoid many hacks that steal your passwords and cause your devices to start malfunctioning.