A quick finding while hunting last weekend! Despite many security awareness campaigns, phishing has remained a common threat. You can be targeted by a « personal » phishing attacks that tries to steal credentials to access your corporate account (like a fake VPN login page). But phishing also targets well-known brands. I found a ZIP archive containing many well-designed HTML pages that mimic many classic brands targeted by phishing campaigns.

Example:

Here is the list of pages:

• Apple italy.html
• Apple letter (1)New.html
• BOA letter.html
• BOA scampage.html
• CVE-2018.html
• Chase Final letter.html
• Letter Best paypal!.html
• Letter Netlix [Norwegian].html
• Letter Paypal1.html
• Letter Paypal2.html
• Letter [ANything].html
• New sign on iOS and macOS.html
• Office-Letter.html
• PayPal Final letter(1).html
• PayPal best letter.html
• PayPal final letter.html
• PayPal letter.html
• Secure My Account.html
• Spotify Subscription Payment Failure.html
• TOP PADDING Trusted Sender.html
• Your iCloud storage is full.html
• [PP] Unusual activity.html
• amazon.html
• amex.html
• apple check activity.html
• apple-Confirmation.html
• apple-invoice.html
• apple-nyolong.html
• apple-nyolong2.html
• apple.html
• apple2.html
• apple3.html
• applebagus.html
• applejapan.html
• authorize payment paypal.html
• bbletter (4) (2) (2).html
• chase-Your credit card statement is ready.html
• chase.html
• chase1.html
• discover.html
• ebay.html
• gaenandewe.html
• google.html
• icloud.html
• icloud2.html
• kata limited paypal.html
• kecilpaypal.html
• new signin.html
• new.html
• paypal-limited-lang[ID].html
• paypal.html
• renyahpp.html
• revisi apple.html
• spotify failure payment.html
• spotify.html
• still-aol.html
• unusual.html
• yahoo-apple.html
• yahoo-apple2.html
• yahoojapan.html

Some pages contain a valid URL defined to receive credentials provided by victims other don't, but they are almost ready to be reused in new campaigns...

Xavier Mertens (@xme)
Xameco
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key