New Phishing Campaign Spoofed Skype to Steal Users’ Credentials
A phishing campaign leveraged malicious emails to spoof video calling platform Skype in order to steal users’ account credentials.
Cofense observed that the campaign began with an attack email that appeared to originate from Skype. Specifically, the attackers crafted the sending email address to read as “67519-81987[@]skype.[REDACTED EMAIL].” But a closer look revealed that the attack email had actually originated from a compromised email address.
The email itself masqueraded as an alert of 13 pending notifications awaiting the recipient. Cofense said that this technique was a clever move on the attackers’ part. As it explained in its research:
It is not uncommon to receive emails about pending notifications for various services. The threat actor anticipates users will recognize this as just that, so they take action to view the notifications. Curiosity and the sense of urgency entice many users to click the “Review” button without recognizing the obvious signs of a phishing attack.
As shown in the image above, the “Review” button didn’t actually lead users to a review of their pending Skype notifications. Instead, it used an app link to redirect them to a phishing page located at hxxps://skype-online0345[.]web[.]app.
The decision to use .app for the page’s top-level domain gave the attack an even greater sense of legitimacy, as .app domains require the use of HTTPS to establish a connection. To further increase their attack’s credibility, the phishing site displayed the company logo of the target within the login box along with a warning that the page was open to the company’s employees only.
All of those tactics had one purpose: lull the user into a false sense of security so that (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/new-phishing-campaign-spoofed-skype-to-steal-users-credentials/