10th February 2017 By Tara Seals
Menlo Security researchers recently uncovered a highly customized phishing campaign that lifted reams of personally identifiable information (PII) without detection.
The sophisticated spear phishing attack took place at a “well-known enterprise,” Menlo Security said in its report, and went undetected by existing security solutions. A close examination of the event by researchers revealed that the attackers performed various checks on the password entered by the victim and on their IP address, to determine whether it was a true compromise or somebody who had figured out the attack. They relied heavily on several key scripts to execute the phishing campaign and to obtain the victim’s IP address, along with the victim’s country and city.
The attackers also supported various email providers—and in fact served custom pages based on the email domain or the mark. For example, a victim whose email address was firstname.lastname@example.org would be served a page that looked like a Gmail login page.