
Avanan reported:
In this attack, hackers are compromising student accounts to launch broader BEC and credential harvesting attacks.
- Vector: Email
- Type: BEC, Credential Harvesting
- Techniques: Account Takeover
- Target: Any end-user
This email is sent from a legitimate university account. The email uses standard social engineering to convey a sense of urgency–messages have been blocked, and the only way to release them is to click on this link. In this case, 11 emails are waiting to be reviewed.
In this case, this same compromised account sent out numerous messages to a variety of organizations.
When hovering over the “Release messages” button, the URL first points to a Buy Now, Pay Later service called Tabby. However, look a little further down the URL string, and you’ll see a redirect to a different site. That leads to a credential harvesting site.
Find out more with the original article here.
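A defender-side check for the link pattern described above, where the visible host is a legitimate service but a parameter further along the URL carries the real destination. This is an added example, not code from Avanan or the original article; the hostnames are constructed placeholders and the function names are hypothetical.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DECODE = 3  # redirect targets are sometimes percent-encoded more than once


def _as_url(value):
    """Return value as an absolute http(s) URL, or None if it is not one."""
    for _ in range(MAX_DECODE):
        candidate = value.strip()
        if candidate.startswith("//"):  # protocol-relative target
            candidate = "https:" + candidate
        parts = urlsplit(candidate)
        if parts.scheme in ("http", "https") and parts.hostname:
            return candidate
        decoded = unquote(value)
        if decoded == value:
            return None
        value = decoded
    return None


def embedded_redirects(url):
    """Return (parameter, host) pairs for query or fragment parameters that
    carry a URL on a different site than the host the link appears to use."""
    parts = urlsplit(url)
    outer = (parts.hostname or "").lower()
    findings = []
    for section in (parts.query, parts.fragment):
        for name, value in parse_qsl(section, keep_blank_values=True):
            target = _as_url(value)
            if target is None:
                continue
            host = urlsplit(target).hostname
            # Subdomains of the visible host count as the same site.
            if host != outer and not host.endswith("." + outer):
                findings.append((name, host))
    return findings


# Constructed sample links; every hostname is a placeholder.
SAMPLES = [
    "https://checkout.bnpl.example/pay?ref=mail&redirect=https%3A%2F%2Flogin-portal.example%2Frelease%3Fid%3D11",
    "https://bnpl.example/out?u=https%253A%252F%252Flogin-portal.example%252F",
    "https://bnpl.example/pay?next=https%3A%2F%2Fapp.bnpl.example%2Fhome",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", embedded_redirects(link) or "no off-site target")
```

A hit is a reason to inspect the link, not proof of phishing, since many legitimate services pass return URLs in parameters.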
Enroll in Training Sessions: Last Thursday of Every Month is Training on Frauds and New Scam Alerts and How to Combat