This is how the dangerous scam that makes all your passwords public works

• Security Does anyone know my passwords?

  With this trick you will find out in 1 minute

• Passwords How to create a strong password and always remember it

Researchers at Check Point Research and Otorio have uncovered a

large-scale 'phishing' campaign in

which cybercriminals have accidentally left stolen credentials available to the public through a Google search.

The 'phishing' campaign began last August by sending emails

posing as Xerox scan notifications

.

In the 'emails' users were urged to open a malicious attachment in HTML format that bypasses Microsoft Office 365's Advanced Threat Protection (ATP) filter.

Once they opened the document, victims were

redirected to a login page

.

In this way, cybercriminals were able to steal the credentials of more than a thousand victims, as reported from Check Point in a statement.

Once the data was extracted, it was sent and stored in a text file hosted on WordPress servers controlled by cybercriminals.

However, and due to

an error in the attack chain

, the attackers behind this 'phishing' campaign ended up exposing this data on the Internet, since the folder where it was stored was

indexed by Google.

Once the documents were indexed, the information automatically became

visible to the public

.

To do this, you just have to do a search on the Internet.

As the technical director of Check Point for Spain and Portugal, Eusebio Nieva, indicates, "the strategy of the cybercriminals was to

store the stolen information on a specific web page that they created themselves

to, after deceiving their victims, collect all the data stored in these servers ".

However, "what they did not think is that

if they were able to crawl the web in search of this information, Google could too.

This was clearly a failed security operation for cybercriminals", concludes the manager.

According to the criteria of The Trust Project

Know more

• Google

• Internet

Video Games2020 Game: the free game in which you must flee from all disasters throughout the year

VPNThe police coup against the program that hackers used to hide on the Internet

TechnologyWhatsApp changes its terms and conditions: this is what you must accept to continue using the app

See links of interest

• 2021 business calendar

• Red Star - Barça

• Fuenlabrada - Alcorcón

• Borussia Mönchengladbach - Borussia Dortmund

• Benevento - Torino

• TD Systems Baskonia - Alba Berlin