A new phishing campaign is leveraging fake email delivery notifications, masquerading as internal alerts from spam filters. The crafted emails claim to inform recipients about pending messages that failed to reach their inboxes. Users are prompted to click a button or link that redirects to a phishing site designed to harvest login credentials.
Researchers at Unit 42 have identified this growing threat, which is evolving rapidly. Unlike earlier versions, the phishing site employs obfuscated code and uses WebSockets to capture credentials instantly as users type. This approach allows attackers to gain immediate access to personal accounts, posing a significant risk.
To protect against such phishing attempts, users are advised to verify email senders, ensure website addresses match expected domains, and utilize multi-factor authentication. Keeping security software updated and using password managers can also help mitigate risks associated with phishing attacks.
👉 Read the original: Malwarebytes