Cybercriminals are impersonating the cybersecurity firm Proofpoint to trick victims into providing Microsoft Office 365 and Google Gmail credentials. The phishing messages use mortgage payments as a lure, they have the subject “Re: Payoff Request.”
“The email claimed to contain a secure file sent via Proofpoint as a link.” reads the post published by Armorblox. “Clicking the link took victims to a splash page that spoofed Proofpoint branding and contained login links for different email providers. The attack included dedicated login page spoofs for Microsoft and Google.”
Upon clicking the email link embedded in the message, the victims are redirected to a splash page with Proofpoint branding.
The phishing message was sent from a legitimate individual’s compromised email account. The sender’s domain (sdis34[.]fr) was a department of fire rescue in Southern France.
Clicking on the Google and Office 365 buttons led the victims to specially crafted Google and Microsoft phising pages that asked for the victim’s credentials.
The phishing pages were hosted on the “greenleafproperties[.]co[.]uk” domain, which was updated in April 2021. The URL has currently redirected to ‘cvgproperties[.]co[.]uk.’
Below are the key findings for this campaign:
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, phishing)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.