ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    OWA is vulnerable to Phishing

    IT Discussion
    owa exchange 2013 phishing pharming credential harvesting
    10
    27
    5.9k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      marcinozga
      last edited by

      I can't believe that everyone here is dead wrong. None of the websites mentioned here or OWA are vulnerable to phishing. Not a single website on Internet is. Users are vulnerable to phishing, not websites. Phishing is a social engineering technique to deceive users, not websites. You can create fake Google login form that has both username and password fields and users will fall for it.

      1 Reply Last reply Reply Quote 0
      • M
        marcinozga @momurda
        last edited by

        @momurda said in OWA is vulnerable to Phishing:

        Quick question; How would you go about getting your phishing page to OWA users at a company you were targeting? send them an email with a subject like 'click here to login to your company webmail"? with a link to the fake owa site? They would already have their email open. I suppose it could happen that way, these are users we're talking about.
        In the Eternal War on Spam/Malware, what can be done?

        Instant messenger is one option.

        1 Reply Last reply Reply Quote 0
        • A
          aidan_walsh @Deleted74295
          last edited by

          @Breffni-Potter said in OWA is vulnerable to Phishing:

          Ummm....as an attacker, why can't I just have a next page fake confirmation which forgets the profile photo (easy to overlook in a hurry) and get the password for google anyway?

          Same again for the banking website.

          Thats exactly what happens. You'd be surprised at what passes for phishing attacks, and how many people fall for them. I've seen ones that have asked people "for security purpose" to enter all 50 4-digit code card entries, something a bank would obviously never do.

          And yet...

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @Deleted74295
            last edited by

            @Breffni-Potter said in OWA is vulnerable to Phishing:

            Ummm....as an attacker, why can't I just have a next page fake confirmation which forgets the profile photo (easy to overlook in a hurry) and get the password for google anyway?

            Same again for the banking website.

            Especially as real OWA makes you go to a second page and doesn't take the password on the first one. It's a dead field.

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @aidan_walsh
              last edited by

              @aidan_walsh said in OWA is vulnerable to Phishing:

              @Breffni-Potter said in OWA is vulnerable to Phishing:

              Ummm....as an attacker, why can't I just have a next page fake confirmation which forgets the profile photo (easy to overlook in a hurry) and get the password for google anyway?

              Same again for the banking website.

              Thats exactly what happens. You'd be surprised at what passes for phishing attacks, and how many people fall for them. I've seen ones that have asked people "for security purpose" to enter all 50 4-digit code card entries, something a bank would obviously never do.

              And yet...

              Partially that's because real banks have done that traditionally.

              stacksofplatesS 1 Reply Last reply Reply Quote 1
              • stacksofplatesS
                stacksofplates @scottalanmiller
                last edited by

                @scottalanmiller said in OWA is vulnerable to Phishing:

                @aidan_walsh said in OWA is vulnerable to Phishing:

                @Breffni-Potter said in OWA is vulnerable to Phishing:

                Ummm....as an attacker, why can't I just have a next page fake confirmation which forgets the profile photo (easy to overlook in a hurry) and get the password for google anyway?

                Same again for the banking website.

                Thats exactly what happens. You'd be surprised at what passes for phishing attacks, and how many people fall for them. I've seen ones that have asked people "for security purpose" to enter all 50 4-digit code card entries, something a bank would obviously never do.

                And yet...

                Partially that's because real banks have done that traditionally.

                Like AMEX. I needed a password reset and they asked all of the info on my card, other than my name and expiration.

                scottalanmillerS 1 Reply Last reply Reply Quote 1
                • scottalanmillerS
                  scottalanmiller @stacksofplates
                  last edited by

                  @stacksofplates said in OWA is vulnerable to Phishing:

                  @scottalanmiller said in OWA is vulnerable to Phishing:

                  @aidan_walsh said in OWA is vulnerable to Phishing:

                  @Breffni-Potter said in OWA is vulnerable to Phishing:

                  Ummm....as an attacker, why can't I just have a next page fake confirmation which forgets the profile photo (easy to overlook in a hurry) and get the password for google anyway?

                  Same again for the banking website.

                  Thats exactly what happens. You'd be surprised at what passes for phishing attacks, and how many people fall for them. I've seen ones that have asked people "for security purpose" to enter all 50 4-digit code card entries, something a bank would obviously never do.

                  And yet...

                  Partially that's because real banks have done that traditionally.

                  Like AMEX. I needed a password reset and they asked all of the info on my card, other than my name and expiration.

                  Yeah, it definitely still happens. And I've had huge security gaps that I've told a bank was not secure and they didn't care. I said... I literally have no means to tell if you are really my bank or not and they are just like "so, we don't care."

                  1 Reply Last reply Reply Quote 0
                  • 1
                  • 2
                  • 2 / 2
                  • First post
                    Last post