Web-based phishing scheme seeks out any email account

Share this article:

Perpetrators of a web-based phishing scheme are accepting any email credentials, most likely in a bid to speed up the arduous, yet typically more successful process of individually targeting a specific organization in order to steal account information.

The scheme begins by clicking on shortened URLs that direct to pages imitating popular websites, such as Facebook, OneDrive and even Google Docs, which is now known as Google Drive, according a Monday post by Abigail Villarin, a fraud analyst with Trend Micro.

On the phony pages, users are given the option to log in using Yahoo, Gmail, AOL or Windows Live email accounts, or they can choose an “other emails” option, according to the post, which adds that the phishing login will accept anything, including gibberish.

Upon logging in, users are then redirected to the legitimate sites.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Four men charged with stealing Microsoft and U.S. Army trade secrets

Four men charged with stealing Microsoft and U.S. ...

The young men allegedly used SQL injection and stolen logins to gain access to systems at various companies and steal their intellectual property.

Google bumps maximum Chrome bug bounty reward to $15K

A high-quality report with a functional exploit for a sandbox escape will earn a bug hunter $15,000, according to the new reward amounts.

Survey: orgs adopt hybrid cloud environments despite security concerns

Survey: orgs adopt hybrid cloud environments despite security ...

Despite difficulties and concerns regarding security, more than 60 percent of respondents have adopted or plan to adopt a hybrid cloud environment.