Advertisements
INKY has published a new Fresh Phish talking about a complicated scheme leveraging legitimate Adobe and Constant Contact tools in a multi-layered attack.
Techniques include:
- Personalized phish — algorithms that extract the recipient’s domain and impersonate that domain to create a unique phish for each recipient.
- Image-based phish — textual phish message is embedded in an image.
- Malicious QR code- conceals the malicious URL from recipients and security software.
- Brand impersonation — uses company logos and trademarks to impersonate well-known brands in order to make an email or malicious site look more legitimate.
- Advanced fees scam — occurs when a victim thinks they are logging in to one of their resource sites but are really entering payment information into a dialog box owned by the attackers.
You can read the report here.