Updated on Dec. 9 with another message attack now targeting users.
America’s cyber defense agency now warns Google, Microsoft and Apple users to secure their accounts — change passwords, remove SMS two-factor authentication and add passkeys. But hackers are quickly evolving their attacks. Even a message from Google, Apple or Microsoft may be an attack, as hackers target your accounts.
Apple warns attacks now use “sophisticated tactics to persuade you to hand over personal details such as sign-in credentials (and) security codes.” Last month, these tactics made headlines, with hackers triggering automated Apple security messages at the same time as calling the target, pretending to be from Apple Support.
Google Account holders face the same threats. One Redditor has just asked how an attacker can “send Google Security Prompts directly to my phone?” The answer is that anyone can initiate an account recovery process for your address. That’s why these prompts tell you to ignore the message unless you triggered it yourself.
But in this case — just as with the recent Apple attacks — there was a person on the phone from “Google’s security team” at the same time. It’s that combination of an attack mixed with automated, legitimate messages that’s the convincer. Then the caller asks you to read out one of these automated codes, and you lose your account.
It’s easy to stay safe. “If you get an unsolicited or suspicious phone call from someone claiming to be from Apple or Apple Support, just hang up,” says Apple. And Google says exactly the same. “Please reiterate to your readers,” the company asked me, “that Google will not call you to reset your password or troubleshoot account issues.”
It really is that simple. If you get the call, it’s an attack.
As for unexpected security prompts, if you have not initiated an account recovery process or clicked to reset a forgotten password or changed a device, then you must ignore the prompts or messages. Do not click. Do not share codes via email, text or call. Do not engage with anyone contacting you at that same time. It’s always an attack.
With perfect timing, a new Microsoft warning adds to the recent Apple and Gmail alerts for this devious kind of attack. Per SpiderLabs, “we’ve analyzed an attack chain starting with social engineering and ending with fileless malware execution.”
The security team explains that a victim “receives a Teams call from an attacker impersonating Senior IT Staff (spoofed display name). The Attacker convinces user to launch QuickAssist. ~10 mins later: Redirected to ciscocyber[.]com/verify.php. (Then) ‘updater.exe’ deployed (disguised as legitimate updater).”
GBHackers explains that “the infection sequence begins via a social engineering vector in which threat actors impersonate Senior IT Staff by spoofing display names in Microsoft Teams call notifications. Victims receive unexpected calls from what appears to be legitimate internal IT support personnel.”
Beware — this type of attack is only going to get worse.
Do not take these calls. Period.