Security News > 2020 > August > How phishing attacks have exploited Amazon Web Services accounts
A series of recent phishing attacks tried to take advantage of organizations that use Amazon Web Services.
In one phishing campaign reported to KnowBe4, the attackers created a basic, no-frills scam to harvest the credentials of AWS users.
After the landing page captured the AWS credentials of any unsuspecting victims, the process redirected them back to Amazon itself, as if to place them in safe hands.
Harvest sensitive data from the account to be exploited in still further attacks against customers, partners, or clients.
Use an organization's AWS account as a phishing platform, which could involve exploiting the account to distribute malware as well as host credentials-phishing pages or other files used in phishing attacks.
News URL
Related news
- European retailer Pepco loses €15.5 million in phishing (possibly BEC?) attack (source)
- Need to Know: Key Takeaways from the Latest Phishing Attacks (source)
- Vishing, smishing, and phishing attacks skyrocket 1,265% post-ChatGPT (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Flipper Zero WiFi phishing attack can unlock and steal Tesla cars (source)
- MiTM phishing attack can let attackers unlock and steal a Tesla (source)
- New Phishing Attack Uses Clever Microsoft Office Trick to Deploy NetSupport RAT (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- New StrelaStealer Phishing Attacks Hit Over 100 Organizations in E.U. and U.S. (source)