Pre-Hijacking Attacks on Social Media Accounts | Avast | #emailsecurity | #phishing | #ransomware

A new paper by the Microsoft Security Response Center explains account pre-hijacking, where attackers open an account with the victim’s email address then lie in wait for the victim eventually to join the site. Once the victim joins the site and breathes life into the account, the attacker takes full control, icing out the victim from their own account. Researchers noted five variations of this attack: the classic-federated merge attack, the unexpired session identifier attack, the trojan identifier attack, the unexpired email change attack, and the non-verifying IDP attack. For more on each, see Bleeping Computer

Cybersecurity Live - Boston

*** This is a Security Bloggers Network syndicated blog from EN authored by Avast Blog. Read the original post at:

Original Source link

Leave a Reply

Your email address will not be published.

42 − thirty three =