this post was submitted on 16 Sep 2024
17 points (100.0% liked)

Cybersecurity

5644 readers
184 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS
top 1 comments
sorted by: hot top controversial new old
[–] Zachariah@lemmy.world 4 points 1 month ago

The starting point of the infection chain is an email message containing a link that mimics a legitimate or compromised domain that, when clicked, triggers the redirection to the actor-controlled credential harvesting page.

To lend the phishing attempt a veneer of legitimacy, the malicious webmail login pages have the recipients' email addresses pre-filled. Attackers have also been observed using legitimate domains that offer URL shortening, tracking, and campaign marketing services.

"By carefully mimicking legitimate domains and redirecting victims to official sites, attackers can effectively mask their true objectives and increase the likelihood of successful credential theft," the researchers said.