Beware! Cybercriminals are exploiting an open redirect vulnerability for phishing assaults that impersonate Nespresso to steal Microsoft logins. Tens of millions of customers are probably in danger!
Notion Level, a outstanding cybersecurity agency, has recognized a brand new phishing marketing campaign using compromised accounts. This marketing campaign targets customers by an open redirect vulnerability inside a website owned by Nespresso, a widely known espresso producer.
This redirect methodology helps menace actors bypass normal detection techniques, permitting the attackers to extract Microsoft login credentials. Victims are left with a bitter aftertaste worse than their morning cup of espresso.
The assault begins with an e mail originating from a compromised account, mimicking a Microsoft multi-factor authentication request. It’s value noting that the e-mail analysed by Notion Level got here from a compromised Financial institution of America worker.
In line with the report shared by Notion Level with Hackread.com, upon clicking the hyperlink within the e mail, recipients are redirected to a compromised Nespresso URL deliberately chosen by the attackers because of its recognition and legitimacy.
Additional, exploiting an open redirect vulnerability on the Nespresso web site, the menace actor redirects customers to a pretend Microsoft login web page. The target? Harvesting victims’ credentials and leaving a bitter twist to their malicious brew.
Victims of this phishing assault danger shedding entry to numerous Microsoft companies, together with Skype, Outlook, Xbox, Microsoft 365, Household Security, Bing Microsoft Retailer, and probably even work accounts. This stolen knowledge could possibly be used for additional phishing makes an attempt, identification theft, and even monetary fraud.
Nespresso has but to touch upon the assault, however prospects are suggested to be cautious when receiving emails asking for private info. To remain secure, prospects ought to at all times confirm the authenticity of emails and keep away from clicking on suspicious hyperlinks.
RELATED TOPICS
- Nespresso good playing cards might be exploited for limitless espresso
- White hat hacker infects good espresso machine with ransowmare
- How a espresso machine contaminated manufacturing unit units with ransomware
- In-Retailer WiFi Supplier Used Starbucks Web site to Generate Crypto
- Researcher claims Starbucks cellular app bought hacked, card knowledge stolen
