Forum Discussion
OTP
I'm not the specialist for hackers. But
Microsoft has send the code via SMS. SMS can be hacked by intersection of the communication, e.g. using "false base station" or Hacking of the ‘Personal Account’ of the subscriber on the site or application of the cellular operator and forwarding all messages to the attacker`s address.
One of this could be happend.
If you receive the Microsoft code, the attacker send a second one, asking you to verify your login. I don't know how the hacker then can lead you to a fake site (maybe proxy, what ever?). Then the attacker has your password.
You have used the signin-page of microsoft, and you see, your account is at risk. It looks that Microsoft cloud application security has detected a second login for your account, which looks strange, because it is from another location, or it is from a non registered device.This shows, we all have to move to passwordless authentication, because it is phishing resistant.
Harald
I assume, your accountis at risk. the second screenshot is very strange. Looks like a pishing attack.
You should inform your security master of desaster and ask, what is happened.
Azure currently is moving forward, fast, with authentication, OTP is legacy. passwordless will the next level. You can use passwordless with WHfB, with FIDO, with SmartCard, and with MS Authenticator App password-less signin. All three must be configured by your admin team.
thanks by the way for the reply. I will study about your suggestion for me to better understand.
I'm not the specialist for hackers. But
Microsoft has send the code via SMS. SMS can be hacked by intersection of the communication, e.g. using "false base station" or Hacking of the ‘Personal Account’ of the subscriber on the site or application of the cellular operator and forwarding all messages to the attacker`s address.
One of this could be happend.
If you receive the Microsoft code, the attacker send a second one, asking you to verify your login. I don't know how the hacker then can lead you to a fake site (maybe proxy, what ever?). Then the attacker has your password.
You have used the signin-page of microsoft, and you see, your account is at risk. It looks that Microsoft cloud application security has detected a second login for your account, which looks strange, because it is from another location, or it is from a non registered device.This shows, we all have to move to passwordless authentication, because it is phishing resistant.
Harald
Harald_Wallus I'm not an expert either about how hackers do things in attacking individual accounts, but I know and understand some stuff and continuously learning about it as far as I can understand and do a lot of research. For sure Local IT Support team knows as to how many log in attempts, web pages opened and so on and so forth. A lot of information that their end user do can be monitored but what they can't as to a certain limitation of controlling a system like this (online/cyber threats occur at any time at any day) These confidential information can be used and sold maliciously. So what can they do about this? just thinking bout it for Im sure they wont just give one account to an individual who is naive or ignorant in using it so to speak.
