"Countdown Clock Puts Pressure on Phishing Targets"

Security researchers at Cofense warn of a new phishing campaign that tries to hurry users into making poor decisions by presenting them with a countdown clock.  The researchers spotted the credential harvesting campaign, which arrives in the form of an alert email about a non-existent "suspicious login" to their account.  The email comes from a fake security company called "DNS Online Security," the message requests that the user verify their email or risk being locked out/deactivated.  The phishing page the victim is then taken to is designed to socially engineer them into rushing to enter their details by listing various email addresses from the same company that it says are currently being "deleted." The researchers noted that the page runs in a loop with randomly generated names assigned to the domain based off the target company's domain.  The researchers stated that it shares some similarities with ransomware, the target company is faced with a countdown timer and the choice of stopping the deletion of potentially company-wide email access or entering their credentials.  The researchers noted that the timer also shares ransomware-type panic creation, all designed to push the recipient into entering their credentials without second guessing.  These details aren't deleted and are merely randomly generated as part of the scare tactic.  The researchers noted that if a victim provides their credentials, those details are sent to a remote command and control (C&C) server.  In some cases, they will be redirected to an "account validation" page before finally landing at the homepage of the targeted organization.  The researchers stated that this campaign highlights the continued innovation and sharing of tactics that occur in the cybercrime underground, in this case borrowing social engineering techniques from ransomware actors.

 

Infosecurity reports: "Countdown Clock Puts Pressure on Phishing Targets"

Submitted by Anonymous on