OWA Fishing attack

I just love Gnucitizen - this time Adrian Pastor explains how to use an Outlook Web Access design flaw to create a phishing attack

The post is a bit technical, but it gives you a very good idea of just how easy it is to fool your OWA users to give up their user names / passwords to a hacker.

The scary bit is that Adrian told Microsoft about this a couple of years ago - but since this is a design feature and not a bug, Microsoft is not changing it.

So if you are running OWA - make sure to take precautions!  

Recent comments