Outlook Users Targeted by Hackers: How the Scheme Works?.

Outlook users have been warned about a new dangerous phishing attack that steals their login data and gains access to their accounts. This was reported by The Sun.

Researchers at SlashNet have discovered an attack that bypasses two-factor authentication (2FA) by intercepting the session and credentials in real-Time.

Cybercriminals send users links via email that infect their devices after they click on them. The link redirects users to a fraudulent login page that looks like the original login page, so the security warning does not raise suspicion.

Users are often unaware that they have landed on a fake page and enter their login details, providing the attackers access to their accounts.

Researchers note that the new phishing campaign Astaroth also rapidly intercepts 2FA authentication tokens and session cookies. This allows attackers to bypass two-factor authentication consistently and accurately.

Therefore, even if users receive an SMS code for account access, the attackers will still be able to intercept it.

Phishing fraud involving fake login pages is already widespread, but Astaroth is particularly sophisticated as it collects authentication data in real-time.

In the dark web, the Astaroth phishing kit was sold for $2,000 and included updates for six months.

Additionally, Gmail users were warned about a new type of fraud using artificial intelligence that steals their personal information and hacks their accounts. The FBI had already warned about this last May.

These attacks can lead to financial loss, reputational damage, and exposure of confidential information.