Be careful with your Microsoft 365 account. Hackers are reportedly targeting Microsoft accounts through the popular WhatsApp and Signal messaging platforms.
Tech and cybersecurity website Bleeping Computer reported that “Russian threat actors” are “impersonating officials from European countries and [contacting] targets” in order to gain access to potential victims’ 365 accounts. The hackers have apparently targeted employees at organizations tied to human rights and Ukraine.
“The purpose is to convince potential victims to provide Microsoft authorization codes that give access to accounts, or to click on malicious links that collect logins and one-time access codes,” wrote Bleeping Computer, which reported cybersecurity company Volexity has been tracking these attempted hacks since March.
Mashable Light Speed
This Tweet is currently unavailable. It might be loading or has been removed.
How to spot the potential hack
Volexity, the cybersecurity company that spotted this potential hack, has a blog post about the issue, which is a great, detailed resource for folks worried they could be targeted. The blog post notes that the bad actors sent messages over Signal, WhatsApp, and, in one case, a compromised Ukrainian government email address. The messages directed potential victims to click a link purporting to be a meeting on Ukraine-related issues.
Volexity also posted screenshots of the Signal and WhatsApp messages. So, texts or emails like these should raise a red flag.
Credit: Volexity
As always, be careful what you click out there. Especially if you work at a human rights organization.
Have a story to share about a scam or security breach that impacted you? Tell us about it. Email [email protected] with the subject line “Safety Net” or use this form. Someone from Mashable will get in touch.
