
New Email Warning—Hackers Target Microsoft Users With Fatigue Attack
Microsoft users are under siege once again as hackers from the Black Basta group employ a new tactic to steal account credentials. Dubbed an “email fatigue attack,” this clever scheme preys on our natural inclination to ignore or delete unwanted emails, leaving us vulnerable to phishing attempts.
According to a recent analysis by NVISO’s Computer Security Incident Response Team and Security Operations Center, hackers are exploiting Microsoft 365 tenants to launch the attack. This sinister ploy involves flooding the target’s inbox with spam emails, masquerading as newsletter subscriptions, in an attempt to exhaust the user’s attention span and subsequently gain their trust.
Here’s how it works: malicious actors create a new Microsoft 365 tenant that appears legitimate and start bombarding the victim’s inbox with seemingly innocuous emails. This barrage of unwanted messages is intended to cause fatigue and prompt users to dismiss or ignore subsequent communications, thereby reducing vigilance and increasing susceptibility to phishing attacks.
Once the email flood subsides, hackers initiate a one-on-one chat session using Microsoft Teams from the newly created tenant, posing as IT support or Help Desk personnel. Their ruse? Offering assistance in resolving the issue, which is, of course, merely an excuse to persuade users to provide access to their account via a legitimate remote management tool.
Having gained access to the device, attackers can disable security controls, deploy malware, and exfiltrate sensitive information with ease. This is a grave concern, especially for businesses that rely heavily on Microsoft services.
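The first stage described above, a burst of newsletter-style mail from many unrelated sender domains to one mailbox, is something a security operations team can look for in message-trace data before the Teams chat ever arrives. The following PowerShell is an added example, not code from the article or from NVISO: it slides a time window over a small, constructed set of message-trace rows (the CSV below is made up for illustration) and flags any recipient who receives mail from at least a threshold number of distinct sender domains inside that window. The column names mirror what an Exchange Online message trace export contains, and the window length and domain threshold are assumptions to tune for your own tenant.

```powershell
# Added example (not from the article): detect an email-bombing burst in message-trace rows.
# Constructed sample data; in practice feed this function the output of a message trace export.
$traceCsv = @'
Received,RecipientAddress,SenderAddress,Subject
2024-05-20T09:00:10Z,alice@example.com,news@shop-a.example,Welcome to our newsletter
2024-05-20T09:02:41Z,alice@example.com,hello@deals-b.example,Confirm your subscription
2024-05-20T09:05:03Z,alice@example.com,info@travel-c.example,Thanks for signing up
2024-05-20T09:08:57Z,alice@example.com,team@fitness-d.example,Your weekly digest
2024-05-20T09:12:19Z,alice@example.com,news@recipes-e.example,Welcome aboard
2024-05-20T09:15:44Z,alice@example.com,updates@finance-f.example,Please verify your email
2024-05-20T09:21:08Z,alice@example.com,hi@gaming-g.example,You are subscribed
2024-05-20T09:27:30Z,alice@example.com,news@fashion-h.example,Welcome
2024-05-20T09:33:02Z,alice@example.com,noreply@garden-i.example,Subscription confirmed
2024-05-20T09:36:45Z,alice@example.com,news@shop-a.example,Your first issue
2024-05-20T11:10:00Z,bob@example.com,alerts@vendor.example,Invoice 4471 is ready
2024-05-20T14:22:15Z,bob@example.com,hr@example.com,Benefits enrollment reminder
'@
$trace = $traceCsv | ConvertFrom-Csv

function Find-EmailBombing {
    param(
        # Rows with Received, RecipientAddress and SenderAddress columns
        [Parameter(Mandatory)] [object[]] $Messages,
        # Assumed tuning values: window length and how many distinct sender domains count as a burst
        [int] $WindowMinutes = 60,
        [int] $MinSenderDomains = 10
    )
    $findings = @()
    foreach ($group in ($Messages | Group-Object -Property RecipientAddress)) {
        # Normalise each row to a UTC timestamp and a lower-cased sender domain, oldest first
        $rows = @($group.Group | ForEach-Object {
            [pscustomobject]@{
                Time   = [datetime]::Parse($_.Received).ToUniversalTime()
                Domain = ($_.SenderAddress -split '@')[-1].ToLowerInvariant()
            }
        } | Sort-Object Time)

        # Slide a window over the sorted rows; report the first window that trips the threshold
        for ($i = 0; $i -lt $rows.Count; $i++) {
            $start    = $rows[$i].Time
            $end      = $start.AddMinutes($WindowMinutes)
            $inWindow = @($rows | Where-Object { $_.Time -ge $start -and $_.Time -le $end })
            $domains  = @($inWindow.Domain | Sort-Object -Unique)
            if ($domains.Count -ge $MinSenderDomains) {
                $findings += [pscustomobject]@{
                    Recipient     = $group.Name
                    WindowStart   = $start
                    MessageCount  = $inWindow.Count
                    SenderDomains = $domains.Count
                }
                break
            }
        }
    }
    return $findings
}

# With the sample above, alice is reported (9 distinct domains in 40 minutes); bob is not.
Find-EmailBombing -Messages $trace -MinSenderDomains 8 | Format-Table -AutoSize
```

A hit from this check is a good trigger to warn the affected user that an unsolicited Teams chat from "IT support" may follow, and to watch sign-in and remote-management activity on their device.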
To mitigate this attack vector, experts recommend disabling Teams communication from external users to prevent phishing chat messages or setting up anti-spam policies to block unwanted emails. Additionally, restricting access to specific domains can help prevent unauthorized communication.
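The two mitigations above map to tenant settings an administrator can apply. The PowerShell below is an added example, not configuration from the article or from NVISO: it restricts Teams external access to an explicit allow list (or turns it off entirely), blocks chats from unmanaged Teams accounts, and lowers the bulk-mail threshold in the default Exchange Online anti-spam policy so newsletter-style floods are diverted from the inbox. It assumes the MicrosoftTeams and ExchangeOnlineManagement modules and an administrator sign-in; the partner domain names are placeholders.

```powershell
# Added example (not from the article): tenant settings that reduce the two attack stages.
# Assumes the MicrosoftTeams and ExchangeOnlineManagement modules are installed.

Connect-MicrosoftTeams

# Stage 2 (Teams chat from a rogue tenant): only federate with named partner domains.
# Replace the placeholder domains with the organisations you actually collaborate with.
$partnerDomains = @('partner-one.example', 'partner-two.example')
$patterns  = $partnerDomains | ForEach-Object { New-CsEdgeDomainPattern -Domain $_ }
$allowList = New-CsEdgeAllowList -AllowedDomain $patterns
Set-CsTenantFederationConfiguration -AllowFederatedUsers $true -AllowedDomains $allowList

# Block chats from unmanaged (consumer/trial) Teams accounts as well.
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowTeamsConsumerInbound $false

# If no external chat is needed at all, the simpler option is to disable federation outright:
# Set-CsTenantFederationConfiguration -AllowFederatedUsers $false

Connect-ExchangeOnline

# Stage 1 (newsletter flood): treat mail with a bulk complaint level of 4 or higher as bulk
# and move it to the Junk Email folder instead of the inbox. Tune the threshold for your tenant.
Set-HostedContentFilterPolicy -Identity Default -BulkThreshold 4 -BulkSpamAction MoveToJmf

# Verify the resulting configuration.
Get-CsTenantFederationConfiguration |
    Select-Object AllowFederatedUsers, AllowTeamsConsumer, AllowTeamsConsumerInbound, AllowedDomains
Get-HostedContentFilterPolicy -Identity Default |
    Select-Object BulkThreshold, BulkSpamAction
```

The allow list approach is usually preferable to disabling federation outright: it keeps legitimate partner chat working while ensuring a freshly created tenant cannot open a chat with your users at all.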
Microsoft has been approached for comment regarding the email fatigue attacks, and this article will be updated with its response once received.
Stay vigilant, Microsoft users!
Source: www.forbes.com