Researchers at Avanan, a Check Point Company, have discovered threat actors using stolen credentials to create more user profiles to send credential harvesting emails. By doing so, hackers are able to multiply the effect of credential harvesting scams.
In this attack brief, researchers at Avanan, a Check Point Software company, will discuss how threat actors are compromising accounts, creating more user profiles to send out more attacks, then auto-deleting email trails.
The campaign presents users with an email from Microsoft’s Office 365 notifying them that a form has been shared. Clicking on the link to the form directs users to a malicious site where credentials are stolen. The hacker, now with access to the account, creates more user profiles within the larger admin and sends out phishing emails to over 4,000 addresses. The emails are then set to be auto-deleted from the compromised accounts to cover their tracks.
You can read the attack brief here.
Like this:
Like Loading...
Related
This entry was posted on September 22, 2022 at 9:00 am and is filed under Commentary with tags Avanan. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Hackers Amplify Phishing Attacks By Creating Multiple Profiles From Compromised Accounts And Use Auto-Delete To Cover Their Tracks: Avanan
Researchers at Avanan, a Check Point Company, have discovered threat actors using stolen credentials to create more user profiles to send credential harvesting emails. By doing so, hackers are able to multiply the effect of credential harvesting scams.
In this attack brief, researchers at Avanan, a Check Point Software company, will discuss how threat actors are compromising accounts, creating more user profiles to send out more attacks, then auto-deleting email trails.
The campaign presents users with an email from Microsoft’s Office 365 notifying them that a form has been shared. Clicking on the link to the form directs users to a malicious site where credentials are stolen. The hacker, now with access to the account, creates more user profiles within the larger admin and sends out phishing emails to over 4,000 addresses. The emails are then set to be auto-deleted from the compromised accounts to cover their tracks.
You can read the attack brief here.
Share this:
Like this:
Related
This entry was posted on September 22, 2022 at 9:00 am and is filed under Commentary with tags Avanan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.