Security Does anyone know my passwords?
With this trick you will find out in 1 minute
Passwords How to create a strong password and always remember it
Researchers at Check Point Research and Otorio have uncovered a
large-scale 'phishing' campaign in
which cybercriminals have accidentally left stolen credentials available to the public through a Google search.
The 'phishing' campaign began last August by sending emails
posing as Xerox scan notifications
.
In the 'emails' users were urged to open a malicious attachment in HTML format that bypasses Microsoft Office 365's Advanced Threat Protection (ATP) filter.
Once they opened the document, victims were
redirected to a login page
.
In this way, cybercriminals were able to steal the credentials of more than a thousand victims, as reported from Check Point in a statement.
Once the data was extracted, it was sent and stored in a text file hosted on WordPress servers controlled by cybercriminals.
However, and due to
an error in the attack chain
, the attackers behind this 'phishing' campaign ended up exposing this data on the Internet, since the folder where it was stored was
indexed by Google.
Once the documents were indexed, the information automatically became
visible to the public
.
To do this, you just have to do a search on the Internet.
As the technical director of Check Point for Spain and Portugal, Eusebio Nieva, indicates, "the strategy of the cybercriminals was to
store the stolen information on a specific web page that they created themselves
to, after deceiving their victims, collect all the data stored in these servers ".
However, "what they did not think is that
if they were able to crawl the web in search of this information, Google could too.
This was clearly a failed security operation for cybercriminals", concludes the manager.
According to the criteria of The Trust Project
Know more
Google
Internet
Video Games2020 Game: the free game in which you must flee from all disasters throughout the year
VPNThe police coup against the program that hackers used to hide on the Internet
TechnologyWhatsApp changes its terms and conditions: this is what you must accept to continue using the app
See links of interest
2021 business calendar
Red Star - Barça
Fuenlabrada - Alcorcón
Borussia Mönchengladbach - Borussia Dortmund
Benevento - Torino
TD Systems Baskonia - Alba Berlin