Cybercriminals have launched a sophisticated phishing campaign that masquerades as legitimate notifications from corporate spam filters. These fake emails inform recipients that their organization’s Secure Message system has encountered issues, urging them to click a button promising to ‘Move to Inbox’ to retrieve supposedly pending messages. However, this is a cleverly disguised trap aimed at stealing users’ login details.
The phishing attempt is highly deceptive, featuring realistic delivery reports and an unsubscribe link to give it an air of authenticity. The attackers use a base64 encoded email address in the URL to create a personalized experience for their victims, enhancing the likelihood of success. Malwarebytes security analysts report that this campaign has become more advanced, employing heavily obfuscated code to prevent easy detection and that it continues to evolve.
Unlike traditional phishing, this attack utilizes websocket technology, providing a continuous connection between the victim’s browser and the attacker’s server. As a result, the attackers can capture credentials in real-time as users input their information, including bypassing two-factor authentication prompts. This alarming method of credential harvesting poses a significant threat to account security and emphasizes the need for users to remain vigilant against such deceptive tactics.
👉 Pročitaj original: Cyber Security News
