Security News > 2022 > September > Hackers now use ‘sock puppets’ for more realistic phishing attacks

An Iranian-aligned hacking group uses a new, elaborate phishing technique where they use multiple personas and email accounts to lure targets into thinking its a realistic email conversation.

The attackers send an email to targets while CCing another email address under their control and then respond from that email, engaging in a fake conversation.

Named 'multi-persona impersonation' by researchers at Proofpoint who noticed it for the first time, the technique leverages the psychology principle of "Social proof" to obscure logical thinking and add an element of trustworthiness to the phishing threads.

TA453's new tactic requires far more effort from their side to carry out the phishing attacks, as each target needs to be entrapped in an elaborate realistic conversation held by fake personas, or sock puppets.

In a third MPI phishing attack launched by TA453 against two academics specializing in nuclear arms control, the threat actors CCed three personas, going for an even more intricate attack.

In all cases, the threat actors used personal email addresses for both the senders and the CCed persons instead of addresses from the impersonated institutions, which is a clear sign of suspicious activity.

News URL

https://www.bleepingcomputer.com/news/security/hackers-now-use-sock-puppets-for-more-realistic-phishing-attacks/