Phishing Again and Again
A quick finding while hunting last weekend! Despite many security awareness campaigns, phishing has remained a common threat. You can be targeted by a "personal" phishing attack that tries to steal credentials to access your corporate account (like a fake VPN login page). But phishing also targets well-known brands. I found a ZIP archive containing many well-designed HTML pages that mimic many classic brands targeted by phishing campaigns.
Here is the list of pages:
- Apple italy.html
- Apple letter (1)New.html
- BOA letter.html
- BOA scampage.html
- CVE-2018.html
- Chase Final letter.html
- Letter Best paypal!.html
- Letter Netlix [Norwegian].html
- Letter Paypal1.html
- Letter Paypal2.html
- Letter [ANything].html
- New sign on iOS and macOS.html
- Office-Letter.html
- PayPal Final letter(1).html
- PayPal best letter.html
- PayPal final letter.html
- PayPal letter.html
- Secure My Account.html
- Spotify Subscription Payment Failure.html
- TOP PADDING Trusted Sender.html
- Your iCloud storage is full.html
- [PP] Unusual activity.html
- amazon.html
- amex.html
- apple check activity.html
- apple-Confirmation.html
- apple-invoice.html
- apple-nyolong.html
- apple-nyolong2.html
- apple.html
- apple2.html
- apple3.html
- applebagus.html
- applejapan.html
- authorize payment paypal.html
- bbletter (4) (2) (2).html
- chase-Your credit card statement is ready.html
- chase.html
- chase1.html
- discover.html
- ebay.html
- gaenandewe.html
- google.html
- icloud.html
- icloud2.html
- kata limited paypal.html
- kecilpaypal.html
- new signin.html
- new.html
- paypal-limited-lang[ID].html
- paypal.html
- renyahpp.html
- revisi apple.html
- spotify failure payment.html
- spotify.html
- still-aol.html
- unusual.html
- yahoo-apple.html
- yahoo-apple2.html
- yahoojapan.html
Some pages contain a valid URL defined to receive credentials provided by victims; others don't, but they are almost ready to be reused in new campaigns...
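A triage pass over such an archive can separate the templates that already point at a live collection URL from those that still hold a placeholder, and produce a defanged list for blocking. This is an added example, not code from the diary or from the archive; the sample HTML, the `collector.example` host and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that can send a victim (or their input) to an external host.
TARGET_ATTRS = {("form", "action"), ("a", "href"), ("area", "href")}

class TargetCollector(HTMLParser):
    """Collect link and form targets from one HTML template."""
    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        # html.parser lowercases tag and attribute names for us.
        for name, value in attrs:
            if (tag, name) in TARGET_ATTRS and value:
                self.targets.append((tag, value.strip()))

def is_live(url):
    """True for an absolute http(s) URL with a host; placeholders return False."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def defang(url):
    """Make a URL non-clickable for reports and tickets."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def triage(pages):
    """Map each template name to the sorted, defanged live targets it contains."""
    report = {}
    for name, html in pages.items():
        collector = TargetCollector()
        collector.feed(html)
        report[name] = sorted({defang(u) for _, u in collector.targets if is_live(u)})
    return report

# Constructed samples; not taken from the archive described in the diary.
SAMPLES = {
    "configured.html": '<form action="https://collector.example/post.php" method="post">'
                       '<input name="user"></form><a href="#">Help</a>',
    "template.html": '<a href="{{link}}">Verify your account</a><a href="">x</a>',
}

if __name__ == "__main__":
    for name, urls in triage(SAMPLES).items():
        print(name, "->", urls or "no live target (template only)")
```

To run it over an extracted archive, build the `pages` dictionary by reading each `.html` file as text instead of using `SAMPLES`.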
Xavier Mertens (@xme)
Xameco
Senior ISC Handler - Freelance Cyber Security Consultant
Keywords: Phishing
Comments
scan-man
Feb 27th 2023
1 year ago
Also, a list of forwarding URLs would be handy.
Then we could track domain ownership and block or have the owner fix the problem.