- Attacker sends an email to a victim, asking them to verify their PayPal or Amazon account. If the victim clicks the link in the email, they’ll be taken to a benign first-stage website, which is able to pass through email security filters undetected.
- This website redirects the victim to a second-stage site, which checks that the victim is a real person, and not a security scanner or associated with law enforcement.
- Next, the victim will be taken to the actual phishing site, where they’ll be asked to enter their email credentials, credit card details, and other sensitive information. This data is steganographically hidden in an image file and sent to the attacker’s email address. Once the information is sent, the victim loses access to the phishing page
https://blog.knowbe4.com/multistage-phishing-attacks-target-financial-information
No comments:
Post a Comment