Aug 14 2022 06:18 AM
Aug 14 2022 06:18 AM
I just wanted to share this thing. I mean we all are aware that passwords are lame. It can be easily just hacked by a malicious individual. Then came the one time pin. We felt secure by this. Either by our recovery email or on our registered mobile number. Then we get comfortable doing almost everything of our transactions online. Relative to using Microsoft 365 as provided by our office org. in which we are really handling confidential information. I already reported this to I.T. team or our org. They replied by saying ,"Did you try it?" I was thinking were they(local I.T team) also curious about this but nah, I don't think my org will allow such curiosity to play along when our work handle confidential information, video recordings and meetings. It happened several times. Just a while ago, I received this. You can tell the difference. Both works, but what I've noticed from the second picture as I've open my email it route me to "my account is at risk" so I immediately signed out. I'm gonna changed my password. I'm thinking of this. I don't know but I just wanted to share this.
Aug 16 2022 06:30 AM
I assume, your accountis at risk. the second screenshot is very strange. Looks like a pishing attack.
You should inform your security master of desaster and ask, what is happened.
Azure currently is moving forward, fast, with authentication, OTP is legacy. passwordless will the next level. You can use passwordless with WHfB, with FIDO, with SmartCard, and with MS Authenticator App password-less signin. All three must be configured by your admin team.
Aug 16 2022 07:10 AM
Aug 16 2022 07:41 AMSolution
I'm not the specialist for hackers. But
Microsoft has send the code via SMS. SMS can be hacked by intersection of the communication, e.g. using "false base station" or Hacking of the ‘Personal Account’ of the subscriber on the site or application of the cellular operator and forwarding all messages to the attacker`s address.
One of this could be happend.
If you receive the Microsoft code, the attacker send a second one, asking you to verify your login. I don't know how the hacker then can lead you to a fake site (maybe proxy, what ever?). Then the attacker has your password.
You have used the signin-page of microsoft, and you see, your account is at risk. It looks that Microsoft cloud application security has detected a second login for your account, which looks strange, because it is from another location, or it is from a non registered device.
This shows, we all have to move to passwordless authentication, because it is phishing resistant.
Aug 16 2022 08:44 PM
@Harald_Wallus I'm not an expert either about how hackers do things in attacking individual accounts, but I know and understand some stuff and continuously learning about it as far as I can understand and do a lot of research. For sure Local IT Support team knows as to how many log in attempts, web pages opened and so on and so forth. A lot of information that their end user do can be monitored but what they can't as to a certain limitation of controlling a system like this (online/cyber threats occur at any time at any day) These confidential information can be used and sold maliciously. So what can they do about this? just thinking bout it for Im sure they wont just give one account to an individual who is naive or ignorant in using it so to speak.