Microsoft’s security center has released a new report that addresses a growing form of cyberattack: “hijacking” accounts that victims haven’t yet created on online services.
According to the research, this type of scam is becoming increasingly common, using social networks and other services that allow pre-creation of accounts based on small personal information, such as an email address, and then completion of registration.
As a result, cybercriminals can access profiles even if the victim’s chosen password is strong or if the victim takes basic privacy precautions. The group analyzed 75 pages of online services and found that at least 35 of them were vulnerable to this type of scam.
anatomy of a stroke
Microsoft experts call the scheme “preemptive”because it involves having an account before it even exists.
In this case, there are several ways to steal data; From waiting until the real user logs in with an active session, to using an already compromised email, to “merging” records and gaining access to both the offender and the victim.
After owning the account, fraudsters can change the password and lock the original user from the profile, using the account for identity theft, bank fraud, and other fraud. The entire research can be viewed at this link.
According to Microsoft, the use of two-factor authentication mechanisms and better mechanisms for merging accounts or changing passwords should be a priority for digital services.
Source: Tec Mundo
