- 11 Nov 2024
Phish Wire - Nov 11 2024
- Updated on 11 Nov 2024
Phish Wire: November 11 2024
During Halloween and early November, staff targeting continued in districts across Texas and Washington. These included phishing campaigns targeting staff on their personal accounts while using district work devices. Here are just a few examples and highlights:
Personal Targeting
On October 28th, a middle school teacher clicked on the phishing link below, which targeted their personal AOL account.
Hackers like to target district staff on personal accounts like AOL and Gmail, because those accounts tend to be less well defended than institutional email accounts. After gaining access to a staff member’s personal email, hackers can then move laterally to further compromise colleagues in their network. This phishing attack was well concealed and has since remained unknown on VirusTotal.
Detection-Resistant Spearphish Campaigns
We also saw detection-resistant spearphishing targeting administrators. The link below was clicked by three administrators and used stealth redirects to remain undetected.
Notable developments included phishing campaigns targeting employees' Google Documents and American Express credentials, which were outside the realm of traditional email attacks.
Actions
Remember to add these domains to your block lists, spam filters, and web content filters
Focus awareness efforts on high-risk credentials (staff and students)
Deploy PhishID to protect credentials from targeted spear phishing campaigns
Prioritize phishing awareness efforts for high-priority staff
Educate users that multi-factor authentication is not a phishing panacea
Encourage users to double-check the domain even if the page is requesting a multi-factor one-time-password
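One way to act on the first item above, as an added example that is not part of the original bulletin: indicators are usually published defanged (`[.]` in place of `.`), so they must be normalized before they go into a block list or are checked against web-filter logs. The indicator values, the `user url` log format and all function names here are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed indicators in defanged form (reserved TLDs, not real IoCs).
DEFANGED = [
    "login-portal[.]example/n",            # path is dropped: blocking is per host
    "hxxps://docs[.]signin-check[.]test",
    "Mail[.]Phish[.]Example[.]",           # mixed case, trailing dot
]

def refang(indicator):
    """Turn a defanged indicator into a bare lowercase hostname."""
    s = indicator.strip().lower()
    s = s.replace("[.]", ".").replace("(.)", ".").replace("[dot]", ".")
    s = re.sub(r"^hxxp", "http", s)
    if "://" not in s:
        s = "//" + s                       # lets urlsplit see a network location
    return (urlsplit(s).hostname or "").rstrip(".")

def build_blocklist(indicators):
    return {h for h in map(refang, indicators) if h}

def is_blocked(url, blocklist):
    """True if the URL's host is a blocked domain or a subdomain of one."""
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Compare on label boundaries so 'notlogin-portal.example' does not match.
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def scan(log_lines, blocklist):
    """Return (user, url) pairs from 'user url' log lines that hit the list."""
    hits = []
    for line in log_lines:
        parts = line.split(maxsplit=1)
        if len(parts) == 2 and is_blocked(parts[1].strip(), blocklist):
            hits.append((parts[0], parts[1].strip()))
    return hits

# Constructed web-filter log sample.
SAMPLE_LOG = [
    "teacher1 https://login-portal.example/n?id=7",
    "admin2 http://a1b2.docs.signin-check.test/view",
    "teacher3 https://notlogin-portal.example/",
    "admin4 https://district.example.org/home",
]

if __name__ == "__main__":
    for user, url in scan(SAMPLE_LOG, build_blocklist(DEFANGED)):
        print(user, url)
```

Matching on the parent domain catches the randomized subdomains that campaigns rotate through, while the label-boundary check avoids flagging unrelated hosts that merely end in the same characters.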