PhishWire - Aug 5 2024
- Updated on 26 Aug 2024
Phish Wire
What Happened
As we approach the back-to-school season, we continue to observe an increase in spearphishing attacks targeting staff and administrative credentials. Below are a few examples:
chameleonsalesofficelogin[.]atay[.]xyz
dnsseciraapaske[.]wegetme[.]com
I0h97wi4pxih-b6prl6yz9ahw[.]line[.]pm
servicecsamz979[.]duckdns[.]org
ak.tobanettean[.]com
261755[.]com/
As in prior attacks that PhishID identified, the targeted credentials are personal email accounts, e.g., ***@att.net or ***@aol.com, used on school district devices. PhishID protects users against these types of credential exploits by identifying and intercepting fraudulent requests for login credentials in the browser when links are opened. This means PhishID protects users regardless of whether they click links in their school-issued or personal email, and it also covers other threat vectors.
The phishing attacks below targeted Amazon credentials and were clicked by a high-level administrator and another staff member on July 24th and 25th. The staff members clicked the links while checking personal email on their school-issued devices and were then prompted for their login credentials.
The same week, another staff member clicked on a spearphish that originated in Hotmail while using Microsoft O365 on their school-issued device.
How it happens
As attackers become more sophisticated, they are gathering the personal email addresses of their targets. Because district mailboxes are often protected with security tools, hackers bypass those protections by sending phishing links to their targets' personal email addresses. Personal email addresses are often widely available on social media and can be acquired en masse when a compromised user's contacts are leaked.
Actions
Remember to add these domains to your block lists, focus awareness efforts on high-risk credentials (staff and students), and deploy PhishID to protect credentials from targeted spear phishing campaigns.
Educate users to be cautious of attacks targeting both their personal and school-issued credentials in their email, particularly when they are on school-issued devices.
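Before the domains listed above can go into a block list, they have to be refanged and normalized. The following is an added example, not PhishID's or the page author's code: it converts the page's defanged indicators into exact-match hosts-file entries. The function names and the choice of hosts-file output with a 0.0.0.0 sinkhole address are assumptions.

```python
import re

# Indicators as listed on this page: defanged, one with a plain dot, one with
# a trailing slash. All function names here are this example's own.
PAGE_INDICATORS = """
chameleonsalesofficelogin[.]atay[.]xyz
dnsseciraapaske[.]wegetme[.]com
I0h97wi4pxih-b6prl6yz9ahw[.]line[.]pm
servicecsamz979[.]duckdns[.]org
ak.tobanettean[.]com
261755[.]com/
"""
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def refang(indicator):
    """Turn one defanged indicator into a bare lowercase hostname, or None."""
    s = indicator.strip().lower()
    s = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", s)        # [.] (.) [dot] -> .
    s = re.sub(r"^h(?:xx|tt)ps?(?:\[:\]|:)//", "", s)   # hxxp://, http[:]//
    s = re.split(r"[/?#]", s, maxsplit=1)[0]            # drop path and query
    s = s.split("@")[-1].split(":")[0].rstrip(".")      # drop userinfo, port
    labels = s.split(".")
    # Reject over-long names, single labels and IP literals (numeric last label).
    if len(s) > 253 or len(labels) < 2 or labels[-1].isdigit():
        return None
    return s if all(_LABEL.match(label) for label in labels) else None

def build_blocklist(text):
    """Return (sorted unique hostnames, lines that need manual review)."""
    hosts, rejected = set(), []
    for line in text.splitlines():
        host = refang(line)
        if host:
            hosts.add(host)
        elif line.strip():
            rejected.append(line.strip())
    return sorted(hosts), rejected

def as_hosts_file(hosts):
    """Render hosts-file entries that sinkhole each name to 0.0.0.0."""
    # Exact names only: parents shared with unrelated hosts are not blocked.
    return "\n".join(f"0.0.0.0 {h}" for h in hosts)

if __name__ == "__main__":
    hosts, rejected = build_blocklist(PAGE_INDICATORS)
    print(as_hosts_file(hosts))
    for bad in rejected:
        print(f"# review manually: {bad}")
```

Lines that fail validation are returned separately rather than dropped, so a malformed indicator is reviewed by hand instead of silently missing from the block list.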