Microsoft, Inc., the software magnate, recently cautioned business email customers about an ongoing phishing campaign. The offensive zeroes in on about 10,000 businesses. The attack started this past fall and has continued in the months since.
The phishing campaign was identified as a threat to Microsoft and its business clients. Hackers carefully orchestrated the attack to bypass multifactor authentication, meaning the two passwords users typically have to enter to access email accounts were not required. The hackers accessed those inboxes and stole information for fraudulent purposes.
The attack is a form of covert phishing in which hackers tap into the payment information of corporate vendors. The campaign has considerable depth as multiple variations are used to zero in on specific targets. The phishing scam has harmed thousands of organizations in less than a year. The brunt of the attack relies on a form of business email compromise where digital criminals send data or money requests that appear to be sincere and forthright yet are nothing more than criminal theft.
This breach occurred in January 2021.
The attack is not specific to a single type of business or industry. Instead, the attack targets tens of thousands of companies. Even businesses that have gone to the extent of implementing multifactor authentication have become victims.
At the moment, digital security specialists believe more than 10,000 businesses and other organizations have been exposed to the phishing scam. The phishing scam targets people, especially those who lack technical understanding, instead of digital files. To read more about this breach, read Microsoft Phishing Bypassed MFA Attacking 10,000 Companies.