INKY has published a new Fresh Phish that impersonates OpenAI and takes numerous creative steps to harvest credentials.
To give you an idea of the complexity, here is a recap of the techniques used in this phish:
- Brand impersonation — using brand logos and trademarks to impersonate well-known brands.
- Spoofing – disguising an email address so it appears to be from someone familiar.
- Malicious links – a clickable link that directs users to an illegitimate or unsafe website, usually for the purpose of harvesting credentials.
- Credential harvesting — occurs when a victim thinks they are logging in to one of their resource sites but are really entering credentials into a dialog box owned by the attackers.
- Dynamic redirection — uses elements of the victim’s email address, particularly the domain, to guide the attack flow.
You can read their research here.
Related
This entry was posted on May 25, 2023 at 9:00 am and is filed under Commentary with tags INKY. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
ChatGPT Impersonation Fuels a Clever Phishing Scam: INKY
INKY has published a new Fresh Phish that impersonates OpenAI and takes numerous creative steps to harvest credentials.
To give you an idea of the complexity, here is a recap of the techniques used in this phish:
You can read their research here.
Share this:
Like this:
Related
This entry was posted on May 25, 2023 at 9:00 am and is filed under Commentary with tags INKY. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.