A phishing attack using a novel technique to steal credentials from American Express customers was recently found in an email inbox protected using Microsoft’s Office 365 Advanced Threat Protection (ATP) by Cofense Phishing Defense Center researchers.
The phishing campaign targeted both corporate and consumer cardholders with emails full of grammatical errors, but with a small yet deadly twist: instead of the usual trick of hyperlinking directly to the landing page, this one used an HTML <base> element to hide the malicious URL from antispam solutions.
This allows the attackers to specify the base URL that should be used for all relative URLs within the phishing message, effectively splitting the URL of the phishing landing page into two separate pieces. It also helps to hide the link from the target since, on hover, the hyperlink will only show the end part of the malicious link, without the domain used to host the landing page.
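A defender-side check for the technique described above, added here as an example and not taken from the Cofense report: it parses an HTML mail body and, when a <base href> is present, resolves each relative link to the URL a mail client would actually open. The function names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class BaseHrefAuditor(HTMLParser):
    """Collect the first <base href> and every <a href> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.base = None
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if not href:
            return
        if tag == "base" and self.base is None:  # only the first <base href> counts
            self.base = href.strip()
        elif tag == "a":
            self.links.append(href.strip())

def audit_html_body(html):
    """Return one finding per link whose host is supplied only by <base href>."""
    parser = BaseHrefAuditor()
    parser.feed(html)
    parser.close()
    if parser.base is None:
        return []
    findings = []
    for href in parser.links:
        parts = urlsplit(href)
        if parts.scheme or parts.netloc:  # absolute, mailto:, //host: base not used
            continue
        effective = urljoin(parser.base, href)
        findings.append({"written": href, "effective": effective,
                         "host": urlsplit(effective).hostname})
    return findings

# Constructed sample body; hosts are placeholders, not indicators from the report.
SAMPLE = """<html><head><base href="https://landing.example.invalid/"></head><body>
<p>Please verify your personal information.</p>
<a href="verify/index.html">Verify now</a>
<a href="https://brand.example/help">Help</a>
<a href="mailto:support@brand.example">Contact</a>
</body></html>"""

if __name__ == "__main__":
    for f in audit_html_body(SAMPLE):
        print(f"{f['written']!r} -> {f['effective']} (host: {f['host']})")
```

A mail filter can pass the "effective" URL to its normal reputation checks, so the link is judged on the host it really points to rather than on the fragment written in the anchor.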
The malicious mail “asks the would-be victim to verify his or her personal information ‘Due to a recent system maintenance’ and says that failure to comply would lead to a ‘temporary suspension’ of the account,” says the Cofense report.
This is not the first time AMEX customers have been targeted by phishing campaigns: two of them went after American Express clients to steal their credit card and social security information, as discovered by the Office 365 Threat Research team in March.