uTalk

thrive

Member

Registered: 2023-01-04

Posts: 1,985

Cybercriminals Create Credible Phishing Pages

Since at least mid-2022, cybercriminals have been using a new phishing-as-a-service (PhaaS or PaaS) platform called Greatness to target business users of the Microsoft 365 cloud service, effectively lowering the barrier to entry for phishing attacks.

"Greatness, for now, is only focused on Microsoft 365 phishing pages, providing its affiliates with an attachment and link builder that creates extremely convincing decoy and login pages," said Cisco Talos researcher Tiago Pereira.

It has elements like pre-filling the victim's email address and showing their appropriate company logo and background image, which were taken from the target organization's actual Microsoft 365 login page, among other things. ".

Manufacturing, healthcare, and technology companies with U.S. locations predominately participate in campaigns for Greatness. S. , the U. K. , Australia, South Africa, Canada, and Australia, with a December 2022 and March 2023 activity peak.

Phishing kits like Greatness provide threat actors—whether experienced or inexperienced—with a convenient one-stop shop that is affordable and scalable, enabling them to create convincing login pages for a variety of online services and get around two-factor authentication (2FA) security measures.

The decoy pages, in particular, act as a reverse proxy to collect login information and time-based one-time passwords (TOTPs) supplied by the victims.
Attack chains start with malicious emails that include an HTML attachment. When opened, the HTML file executes obfuscated JavaScript code that directs the user to a landing page with the recipient's email address pre-filled and requests their password and MFA code.

In order to gain unauthorized access to the accounts in question, the entered credentials and tokens are then sent to the affiliate's Telegram channel.

Additionally, the AiTM phishing kit includes an administration panel that enables the affiliate to customize the Telegram bot, monitor data breaches, and even create malicious attachments and links.

Additionally, in order to load the phishing page, each affiliate is required to have a current API key. The API key also enables behind-the-scenes communication with the genuine Microsoft 365 login page by posing as the victim and preventing unwanted IP addresses from viewing the phishing page.
Together, the phishing kit and the API carry out a "man-in-the-middle" attack by asking the victim for information, which the API will then transmit in real time to the authentic login page, according to Pereira.

"If the victim employs MFA, this enables the PaaS affiliate to steal both the victim's username and password as well as the authenticated session cookies. ".

The findings coincide with Microsoft's implementation of number matching in Microsoft Authenticator push notifications starting on May 8, 2023, in order to strengthen 2FA security and thwart prompt bombing attacks.

PEACEMAKER

Member

Registered: 2023-01-27

Posts: 412

Re: Cybercriminals Create Credible Phishing Pages

The Philippine are trying to make scamming a norms there. The safety of your Crypton or Crypton is solely in your hands

IyaJJJ

Member

Registered: 2023-01-25

Posts: 1,543

Re: Cybercriminals Create Credible Phishing Pages

The Philippine are trying to make scamming a norms there. The safety of your Crypton or Crypton is solely in your hands

But Philippine is not among the country that was mention in the article posted by the orginal topic poster or there's is a mistake i made when read this thread?

thrive

Member

Registered: 2023-01-04

Posts: 1,985

Re: Cybercriminals Create Credible Phishing Pages

The Philippine are trying to make scamming a norms there. The safety of your Crypton or Crypton is solely in your hands

But Philippine is not among the country that was mention in the article posted by the orginal topic poster or there's is a mistake i made when read this thread?

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

joanna

Member

Registered: 2023-01-10

Posts: 2,306

Re: Cybercriminals Create Credible Phishing Pages

The Philippine are trying to make scamming a norms there. The safety of your Crypton or Crypton is solely in your hands

But Philippine is not among the country that was mention in the article posted by the orginal topic poster or there's is a mistake i made when read this thread?

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

IyaJJJ

Member

Registered: 2023-01-25

Posts: 1,543

Re: Cybercriminals Create Credible Phishing Pages

But Philippine is not among the country that was mention in the article posted by the orginal topic poster or there's is a mistake i made when read this thread?

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

thrive

Member

Registered: 2023-01-04

Posts: 1,985

Re: Cybercriminals Create Credible Phishing Pages

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

Yes, one of the means to secure ourselves from any form of attack started with using a paid version of the most reputable antivirus which also has 24/7 internet security potential and knows about the con and pro surf the internet in a secure way.

joanna

Member

Registered: 2023-01-10

Posts: 2,306

Re: Cybercriminals Create Credible Phishing Pages

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

Yes, one of the means to secure ourselves from any form of attack started with using a paid version of the most reputable antivirus which also has 24/7 internet security potential and knows about the con and pro surf the internet in a secure way.

Browsing the internet with free antivirus is never a good idea and i am sure if the user that explained the file sent him use free antivirus there's possibility that it wont detect the malicious file as something that could harm the user.

thrive

Member

Registered: 2023-01-04

Posts: 1,985

Re: Cybercriminals Create Credible Phishing Pages

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

Yes, one of the means to secure ourselves from any form of attack started with using a paid version of the most reputable antivirus which also has 24/7 internet security potential and knows about the con and pro surf the internet in a secure way.

Browsing the internet with free antivirus is never a good idea and i am sure if the user that explained the file sent him use free antivirus there's possibility that it wont detect the malicious file as something that could harm the user.

Yes, there's a huge chance that the user would have been a victim of bad actors that sent the file. However, it is always nice to know how the online scammer operate.

Last edited by thrive (2023-05-15 21:40:47)

IyaJJJ

Member

Registered: 2023-01-25

Posts: 1,543

Re: Cybercriminals Create Credible Phishing Pages

Yes, one of the means to secure ourselves from any form of attack started with using a paid version of the most reputable antivirus which also has 24/7 internet security potential and knows about the con and pro surf the internet in a secure way.

Browsing the internet with free antivirus is never a good idea and i am sure if the user that explained the file sent him use free antivirus there's possibility that it wont detect the malicious file as something that could harm the user.

Yes, there's a huge chance that the user would have been a victim of bad actors that sent the file. However, it is always nice to know how the online scammer operate.

It's good to understand how cryptocurrency scammers operate but there's no way anyone can totally understand all their strategies and with more consciousness when online.

Comrade

Member

From: Utopia App Client

Registered: 2022-12-30

Posts: 1,591

Re: Cybercriminals Create Credible Phishing Pages

No, you didn't make any mistake, I guess he may have had a sad experience before with scammers who are from the geographical area he mentioned but it is all good if we can be more careful when doing our online activities.

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

IyaJJJ

Member

Registered: 2023-01-25

Posts: 1,543

Re: Cybercriminals Create Credible Phishing Pages

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

thrive

Member

Registered: 2023-01-04

Posts: 1,985

Re: Cybercriminals Create Credible Phishing Pages

The area I believe people need to be more careful of is the email and link they choose to click because there's a lot of phishing mail, link, and files sent through messenger, email, etc this day

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

Every great invention is what online scammers always used to scam people and there are different between email marketing and phishing email scam. Just be well informed so you wont be a victim.

crpuusd

Member

From: Blockchain

Registered: 2022-12-13

Posts: 1,619

Re: Cybercriminals Create Credible Phishing Pages

You're totally about what you said and I am almost a victim of a phishing file attack days ago when something like a pdf file was sent to me through a friend's Skype. What I can say is that it's also good to have a good antivirus and internet security.

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Comrade

Member

From: Utopia App Client

Registered: 2022-12-30

Posts: 1,591

Re: Cybercriminals Create Credible Phishing Pages

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

oba

Member

Registered: 2023-01-13

Posts: 1,858

Re: Cybercriminals Create Credible Phishing Pages

It all occur that the plishing mail method have been one of the tools for email marketing. Its very strange some people use it wrongly.  Thats spamming. Its a luck that utopia p2p doesnt required personal information.

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Yes, scammers different unique tools especially marketing tools to send out phishing and different scam emails but it's impossible to know all their subject curriculum

Vastextension

Member

Registered: 2022-11-19

Posts: 1,931

Re: Cybercriminals Create Credible Phishing Pages

The phishing email is not what is used in email marketing because phishing email is a method used by a scammer to create a mirror email address or example email address that look just like Binance in order to trick Binance customer into a way they will scam them.

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

IyaJJJ

Member

Registered: 2023-01-25

Posts: 1,543

Re: Cybercriminals Create Credible Phishing Pages

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

Yes, just like we have many altcoins in the cryptocurrency market so there are many scammers and some use romantic scams, email, hacking, and phishing site scams. Besides, there are some which have to do with physical business scams and all we need to do is to be careful cause no one is ever safe.

Europ

Member

Registered: 2023-05-23

Posts: 1,406

Re: Cybercriminals Create Credible Phishing Pages

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

Yes, just like we have many altcoins in the cryptocurrency market so there are many scammers and some use romantic scams, email, hacking, and phishing site scams. Besides, there are some which have to do with physical business scams and all we need to do is to be careful cause no one is ever safe.

Security has the best value in protecting one's entity. Utopia has a well-developed ecosystem as more than a high-definition encrypted programs to secure the privacy of all users. We are in a civilized world where a fiat currency it's been improvised and seized for government self use. It important to have a safe investing platform where your currency will be saved for future use and uncompromised

joanna

Member

Registered: 2023-01-10

Posts: 2,306

Re: Cybercriminals Create Credible Phishing Pages

We all knows that the subject curriculum of the scammers is to use all provided tools either by  marketing and informational or secured service provided for special uses and public corporation.

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

To be honest some scammer victims never visit unsafe websites and not many socialites either but what makes them vulnerable is the information they share on centralized social media.

thrive

Member

Registered: 2023-01-04

Posts: 1,985

Re: Cybercriminals Create Credible Phishing Pages

Scamming is technical, mentally and educational. Its a target risk and looking for loopholes to defraud,decrypt and improvise. Its only users who enable them get what they want if they tend to embrace unsafe sites .

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

To be honest some scammer victims never visit unsafe websites and not many socialites either but what makes them vulnerable is the information they share on centralized social media.

That's so true. I could remember that Facebook CEO was fined $ 1.3 billion for data privacy violations. For example, if this privacy data get into the wrong hand the people that own the data are in trouble.

joanna

Member

Registered: 2023-01-10

Posts: 2,306

Re: Cybercriminals Create Credible Phishing Pages

Scamming varies though there are some which require technical just like we see in the bad actors that scam using Ransomware to scam their victims but most of the victims are not through unsafe sites.

To be honest some scammer victims never visit unsafe websites and not many socialites either but what makes them vulnerable is the information they share on centralized social media.

That's so true. I could remember that Facebook CEO was fined $ 1.3 billion for data privacy violations. For example, if this privacy data get into the wrong hand the people that own the data are in trouble.

What you said here reminds me of when I first learned about the UtopiaP2P project because this is the exact thing they pointed out that it needs to be stopped

thrive

Member

Registered: 2023-01-04

Posts: 1,985

Re: Cybercriminals Create Credible Phishing Pages

To be honest some scammer victims never visit unsafe websites and not many socialites either but what makes them vulnerable is the information they share on centralized social media.

That's so true. I could remember that Facebook CEO was fined $ 1.3 billion for data privacy violations. For example, if this privacy data get into the wrong hand the people that own the data are in trouble.

What you said here reminds me of when I first learned about the UtopiaP2P project because this is the exact thing they pointed out that it needs to be stopped

If we want this to really stop, then UtopiaP2P needs to create a privacy-supported social media network for people who value privacy.

joanna

Member

Registered: 2023-01-10

Posts: 2,306

Re: Cybercriminals Create Credible Phishing Pages

That's so true. I could remember that Facebook CEO was fined $ 1.3 billion for data privacy violations. For example, if this privacy data get into the wrong hand the people that own the data are in trouble.

What you said here reminds me of when I first learned about the UtopiaP2P project because this is the exact thing they pointed out that it needs to be stopped

If we want this to really stop, then UtopiaP2P needs to create a privacy-supported social media network for people who value privacy.

A user of this forum once suggested that UtopiaP2P developers create a privacy-supported social media network but a lot of people think it's something we don't need, I guess this is what the user was thinking about when he made the suggestion.

Comrade

Member

From: Utopia App Client

Registered: 2022-12-30

Posts: 1,591

Re: Cybercriminals Create Credible Phishing Pages

What you said here reminds me of when I first learned about the UtopiaP2P project because this is the exact thing they pointed out that it needs to be stopped

If we want this to really stop, then UtopiaP2P needs to create a privacy-supported social media network for people who value privacy.

A user of this forum once suggested that UtopiaP2P developers create a privacy-supported social media network but a lot of people think it's something we don't need, I guess this is what the user was thinking about when he made the suggestion.

Believé in those that believe in you. Utopia comes with a tendency to protect.