Attackers are impersonating major companies and recruiters to target marketing professionals, using trusted services and browser tricks to make the scam look legitimate.
A BleepingComputer article detailing the campaign found at least 34 domains impersonating high-value companies, including Netflix, Coca-Cola, Adidas, and FIFA.
The lure is a fake job interview or scheduling request from a “recruiter” representing one of these major companies. The impersonating website then shows the victim a fake Google sign-in pop-up built inside the page, rather than a real browser window.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- FIN6 Switches Up PoS Tactics to Target E-Commerce
August 29, 2019
The group is using the More_eggs JScript backdoor to anchor its attack. The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale (PoS) data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), FIN6 (a.k.a. ITG08) ...
- Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw
August 29, 2019
Cisco is urging customers to install updates for a critical bug affecting its popular IOS XE operating system that powers millions of enterprise network devices around the world. The bug has a rare Common Vulnerability Scoring System (CVSS) version 3 rating of 10 out of a possible 10 and allows anyone on the internet to bypass the login ...
- Exploitation of Windows CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU
August 29, 2019
In May 2019, Microsoft released an out-of-band patch update for remote code execution vulnerability CVE-2019-0708, which is also known as “BlueKeep” and resides in code to Remote Desktop Services (RDS). This vulnerability is pre-authentication and requires no user interaction, making it particularly dangerous as it has the unsettling potential to be weaponized into a destructive exploit. ...
- ‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information
August 29, 2019
Despite having an apparent lull in the first half of 2019, phishing will remain a staple in a cybercriminal’s arsenal, and they’re not going to stop using it. The latest example is a phishing campaign dubbed Heatstroke, based on a variable found in their phishing kit code. Heatstroke demonstrates how far phishing techniques have evolved — from merely mimicking ...
- Spam and phishing in Q2 2019
August 28, 2019
In the second quarter of 2019, scammers were making active use of cloud-based data storage services such as Google Drive and Google Storage to hide their illegal content. The reasoning behind this is simple: a link from a legitimate domain is seen as more trustworthy by both users and spam filters. Most often, such links point to ...
- AMEO ‘concerned’ about nation-state attacks on power grids
August 22, 2019
“For the energy sectors and critical infrastructure sectors, particularly around electricity, we are concerned about nation-state actors,” says Tim Daly, chief security officer (CSO) for the Australian Energy Market Operator (AEMO). “Nation-states are looking to have capability and implants that are persistent within critical organisations,” he told the Gartner Security and Risk Management Summit in Sydney ...

