Phishing scams are getting more and more sophisticated. We have always strongly encouraged two-factor authentication to protect your accounts, and we still do. But two-factor alone is not enough to protect your valuable data.
In the attack demonstrated in the video, the attacker successfully gains access to a user’s Office 365 account, despite the user being enrolled in two-factor authentication. They did this by using a tool known as a reverse proxy, which uses a server of your choice to retrieve web pages from another server. It’s a critical technology for many different web and security applications. But, like many things, it can be abused. In this attack, the victim is presented with a secure-looking and genuine Microsoft login page. But pay close attention to the URL:
As you can see, the attacker has cleverly disguised the domain name to look like a genuine login page: login.outlook.live.com.no-phish.com. To the untrained eye, this might look like a legitimate link. But remember: everything before the first slash is the domain name. In this example, live.com IS NOT the domain, no-phish.com is:
In this case, your browser is actually connecting to no-phish.com, an attacker domain. When logging into services, please pay attention to the actual domain you are logging into. The example below is a genuine login page:
The Green Padlock Is Not Guaranteed Security
Did you notice that in the example above, the green “secure” padlock is present? That’s because the attacker was able to obtain a genuine SSL certificate for the domain login.outlook.live.com.no-phish.com. It’s important to note that the green padlock does not guarantee that you are where you want to be on the internet. Only your keen eye can verify that. The green padlock simply means that the domain you are connecting to is secured using an SSL certificate from an approved/trusted certificate authority. It does not mean that the website has been screened for its intent.
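The domain check this post describes, which the padlock does not perform, written out as code. This is an added example, not part of the original post; the allow-list `EXPECTED_DOMAINS`, the function names and the sample URLs are assumptions made for illustration.

```javascript
// Added example: does a URL's host really belong to the domain you expect?
// EXPECTED_DOMAINS is an assumed allow-list; list the login domains you use.
const EXPECTED_DOMAINS = ["live.com"];

// Weak check: the trusted name merely appears somewhere in the URL.
// The look-alike host from this post passes it.
function naiveLooksTrusted(url) {
  return EXPECTED_DOMAINS.some((d) => url.includes(d));
}

// Stricter check: parse the URL, take the hostname, and require it to be
// an expected domain or a subdomain of one (the match is on the END of the host).
function hostBelongsToExpectedDomain(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // not a parseable absolute URL
  }
  if (parsed.protocol !== "https:") return false;
  // The URL parser lowercases the hostname; drop a trailing dot (fully qualified form).
  const host = parsed.hostname.replace(/\.$/, "");
  return EXPECTED_DOMAINS.some((d) => host === d || host.endsWith("." + d));
}

// Constructed sample URLs; the first uses the look-alike host from this post.
const samples = [
  "https://login.outlook.live.com.no-phish.com/login",
  "https://login.live.com/login",
  "https://LOGIN.LIVE.COM./login",
  "https://notlive.com/login",
];

// Run both checks over a list of URLs and return one row per URL.
function classify(urls) {
  return urls.map((url) => ({
    url,
    naive: naiveLooksTrusted(url),
    strict: hostBelongsToExpectedDomain(url),
  }));
}

console.table(classify(samples));
```

The dot in `"." + d` matters: without it, a host such as `notlive.com` would be accepted as if it were `live.com`.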
How We Protect You With Stellar IT
No security is foolproof, and brand new phishing domains like this often sneak through the cracks. However, our advanced Stellar Security stack does help prevent phishing attacks like this from reaching you. It is still very important to always verify the page that you’re logging into before submitting your username and password, even with two-factor authentication enabled.