This isn’t intentional, of course. Nobody sits down and says, “let’s make sure the people who over-engineer things get promoted!” But that’s what can happen (and it has happened, over and over again) when companies evaluate work incorrectly.
When we investigated these pages, there were some clear indicators that something was wrong. The biggest one is that the Microsoft login flow isn't hosted on a Microsoft domain. While websites can use Microsoft as an authorization source, this normally involves redirecting to a Microsoft-controlled page and then back to the original site once authorization is complete. That's not what's happening here. Beyond that, none of the secondary interface elements work. "Create a new account," "Sign in options," "Can't access your account?" all either do nothing when clicked or redirect back to the current page. This is something we see over and over: phishing kits only implement the happy path where the victim enters their credentials without clicking anything else. Finally, the error messages are wrong. We went through a legitimate Microsoft auth flow and recorded the error states (for example, entering a non-existent email) and compared them to what the phishing page displayed. The language didn't match.