A key component of a targeted phishing attack is personalization.
This uses a inverted threat model: Most phishing campaigns try to steal your password, whereas this one leads with it.
On July 12 a new "sextortion" based phishing scheme began and tricked dozens of people into paying anywhere from a few hundred to thousands of dollars in Bitcoin. What spooked people was that its salutation included a password that each recipient legitimately used at some point online.
https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstream/
This uses a inverted threat model: Most phishing campaigns try to steal your password, whereas this one leads with it.
On July 12 a new "sextortion" based phishing scheme began and tricked dozens of people into paying anywhere from a few hundred to thousands of dollars in Bitcoin. What spooked people was that its salutation included a password that each recipient legitimately used at some point online.
https://krebsonsecurity.com/2018/08/the-year-targeted-phishing-went-mainstream/
No comments:
Post a Comment