INKY has published a new Fresh Phish that impersonates OpenAI and takes numerous creative steps to harvest credentials.
To give you an idea of the complexity, here is a recap of the techniques used in this phish:
- Brand impersonation — using brand logos and trademarks to impersonate well-known brands.
- Spoofing – disguising an email address so it appears to be from someone familiar.
- Malicious links – a clickable link that directs users to an illegitimate or unsafe website, usually for the purpose of harvesting credentials.
- Credential harvesting — occurs when a victim thinks they are logging in to one of their resource sites but are really entering credentials into a dialog box owned by the attackers.
- Dynamic redirection — uses elements of the victim’s email address, particularly the domain, to guide the attack flow.
You can read their research here.
Like this:
Like Loading...
Related
This entry was posted on May 25, 2023 at 9:00 am and is filed under Commentary with tags INKY. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
ChatGPT Impersonation Fuels a Clever Phishing Scam: INKY
INKY has published a new Fresh Phish that impersonates OpenAI and takes numerous creative steps to harvest credentials.
To give you an idea of the complexity, here is a recap of the techniques used in this phish:
You can read their research here.
Share this:
Like this:
Related
This entry was posted on May 25, 2023 at 9:00 am and is filed under Commentary with tags INKY. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.