Once at home work (remote working) became inappropriate for many companies, Bank and institutions, the strategy of computer attackers has also changed.
Microsoft has that more and more malicious applications what about the Office 365 accounts, and the method of Securize with token oautoth is canceled if the user Accept the access of such applications to the Office 365 account.
It's O Metoda de PHinging “Fashion” During this period, what is based on Non -awareness and ignorance of users.
By e-mail a message is sent contains link to an application “interesting”, which at first glance does not arouse suspicions. Moreover, it can come as an installation recommendation from the company or bank to which the user is employed.
If, however, the user Pica Inn Capcana and gives access to the application at Microsoft Office 365, in the future that application will no longer be blocked by Oauth. Behind the applications can hide API by which many queries can be made to the Office 365 account. Account from which attackers can obtain confidential information and extract sensitive data with the help of the application, without the user observing this.
Everything works on the same system through which in the past Google Play applications for “flashlight” they asked for access to the list of contacts. After the permission of the Uutylizer was received, the application could transport confidential data to third parties.
And those from Facebook have faced such problems in the past, when third parties had access to more data than they were needed, data that proved to be sold to various communications agents.
As for Microsoft Office 365 users who work these days from Domiciuliu, it is good to know that any email that invites you to install an application for Office 36, must be checked before by an IT department. Only after this department gives its own, the application can obtain access to your office account 365.
The best protection against phishing is always the use of the user. Links and applications received by e-mail and open or installed without being verified, can cause great data losses and compromise some careers.
