- It tricks the users into revealing their credentials which can be used later by scammers for other nefarious activities.
- It begins with users receiving threatening emails to their account.
A new phishing campaign that scares victims with triple threats has been observed recently. It tricks the users into revealing their credentials which can be used later by scammers for other nefarious activities.
The new campaign was reported on January 21 by researchers at AppRiver. It begins with users receiving threatening emails to their account. It contains a message which reads that the recipient's mailbox is infected with 3 deadly viruses and will shut down if the warning is ignored.
The email contains an URL which redirects the victims to a compromised WordPress page.
“The phishing theme follows typical email shutdown threats, however, contains this unique "3 deadly virus" scare twist. The URL, which includes the intended victim's email address, directs to a compromised Wordpress page. The phishing site uses that address to generate content customized to the recipient,” said researchers at AppRiver in a blog post.
The malicious WordPress site runs a countdown clock, alerting the targeted users to enter their email password in order to avoid deletion of their email accounts.
“These generic style of credential gathering attacks are often used in follow-up attacks that are customized and typically financially-themed spearphishing such as Business Email Compromise (BEC) attacks,” researchers added.
Further, the researchers found that these malicious URLs post the stolen credentials to post.php. This server-side PHP helps prevent displaying where the attackers captured credentials are sent to. Gmail accounts are being primarily used for this campaign.