Security News > 2020 > October > Phishers Capitalize on Headlines with Breakneck Speed

Marking a pivot from COVID-19 scams, researchers track a single threat actor through the evolution from the pandemic to PayPal, and on to more timely voter scams - all with the same infrastructure.

"The range of information credential-phishing themes - PayPal, COVID-19, voting - illustrate how actors often simply pivot from one theme to the next, all while using similar infrastructure and backend functionality," Sherrod DeGrippo, senior director of threat research and detection for Proofpoint, told Threatpost.

Tracking phishing kit data isn't new, but the Proofpoint team noticed that the same infrastructure was being used to support various scams, making it easy to lure in as many victims as possible.

"The major changes observed are in branding only - the actor continues to use similar elements and backend code, evidenced by the POST of user-supplied information to the same email address across multiple information-phishing operations," according to Proofpoint's findings, issued this week.

"The last messages we observed from this actor using voter-registration themes were sent on October 7," Proofpoint added.

News URL

https://threatpost.com/phishers-capitalize-headlines-speed/160249/