Phishing scam had all the bells and whistles—except for one

by Dan Goodin, from Ars Technica
The query window for username and password on a webpage can be seen on the monitor of a laptop. (credit: Jens Buttner/picture alliance via Getty Images)

Criminals behind a recent phishing scam had assembled all the important pieces. Malware that bypassed antivirus: check. An email template that got around Microsoft Office 365 Advanced Threat Protection: check. A supply of email accounts with strong reputations from which to send scam mails: check.

It was a recipe that allowed the scammers to steal more than 1,000 corporate employee credentials. There was just one problem: the scammers stashed their hard-won passwords on public servers where anyone, including search engines, could (and did) index them.

"Interestingly, due to a simple mistake in their attack chain, the attackers behind the phishing campaign exposed the credentials they had stolen to the public Internet, across dozens of drop-zone servers used by the attackers," researchers from security firm Check Point wrote in a post published Thursday. "With a simple Google search, anyone could have found the password to one of the compromised, stolen email addresses: a gift to every opportunistic attacker."
