Second Microsoft alert, there is a real wave of virtual attacks that intend to steal personal information. This theft would happen through permissions innocently given to the bandits, so that they can read the contents of the victim's emails.
In this case of attacks, there is a greater interest in users who subscribe to the Office 365 package, which is then the faction's target audience. Thus, crooks would take advantage of app authorization systems to gain access to the inbox.
see more
Is it better to eat boiled eggs for lunch or dinner? Find out here
With me-no-one-can: Meet the plant capable of warding off evil eyes
Read more: Alert: 7 million pieces of data were leaked by a subtitle download site after hacking.
Consequently, the crooks would dedicate themselves to reading the emails in search of information that was relevant and crucial. In addition, they would configure the email to have access to contacts and be able to write and send emails on behalf of the victim.
As it happens?
According to information made available by Microsoft, the attack starts from contact with a dangerous application that arrives via the victim's email. However, this application is clearly disguised, usually being a supposed update request for Microsoft services.
Therefore, be suspicious if by chance an update request named “Upgrade to Office 365 services” appears in your email. Because, if you grant the permissions requested by the application, you will be one of the victims who will have their information stolen.
How to prevent the attack?
To prevent this loss of data, Microsoft makes users aware of the correct use of the OAuth protocol. This is because this protocol can be used by platforms and digital services of servers interested in accessing personal data. Therefore, it is necessary for the user to understand that effective access credentials are personal and non-transferable.
In addition, the user also needs to be aware of possible read permissions in emails and messages. It is through these permissions that crooks can also gain full access to your email.
Finally, Microsoft warned that it has been working on ways to combat the problem, but that it has the help of subscribers. So, do your part by preventing the ordered attacks and avoid further concerns in the future.