Hackers now use ‘sock puppets’ for more realistic phishing attacks

An Iranian-aligned hacking group is using a new, elaborate phishing technique in which it employs multiple personas and email accounts to lure targets into thinking it's a realistic email conversation.
The attackers send an email to targets while CCing another email address under their control and then respond from that email, engaging in a fake conversation.
Named 'multi-persona impersonation' (MPI) by researchers at Proofpoint who noticed it for the first time, the technique leverages the psychological principle of "social proof" to obscure logical thinking and add an element of trustworthiness to the phishing threads.
TA453's new tactic requires far more effort on its part to carry out the phishing attacks, as each target needs to be entrapped in an elaborate, realistic conversation held by fake personas, or sock puppets.
In a third MPI phishing attack launched by TA453 against two academics specializing in nuclear arms control, the threat actors CCed three personas, going for an even more intricate attack.
In all cases, the threat actors used personal email addresses for both the senders and the CCed persons instead of addresses from the impersonated institutions, which is a clear sign of suspicious activity.
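One way to hunt for this pattern in a mail archive, as an added example that is not from Proofpoint or the original article: it flags threads where an external sender on a free-mail domain CCs another free-mail address and that CCed address then replies in the same thread. Treating "personal email address" as "free-mail domain" is an assumption, and the domains, addresses and the `find_mpi_threads` helper are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: placeholder free-mail domains; substitute a real provider list.
FREEMAIL = {"freemail.example", "webmail.example"}

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def find_mpi_threads(raw_messages):
    """Scan messages in arrival order; return (seed Message-ID, sender, CCed replier)."""
    seeds = {}      # Message-ID -> (sender, free-mail addresses it CCed)
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        ccs = {a.lower() for _, a in getaddresses(msg.get_all("Cc", [])) if a}
        parent = (msg.get("In-Reply-To") or "").strip()
        # A reply whose author was only a CC on the seed message: the "sock puppet".
        if parent and parent in seeds and sender in seeds[parent][1]:
            findings.append((parent, seeds[parent][0], sender))
        # Remember free-mail senders that CC other free-mail addresses.
        if _domain(sender) in FREEMAIL:
            free_ccs = {a for a in ccs if _domain(a) in FREEMAIL and a != sender}
            mid = (msg.get("Message-ID") or "").strip()
            if mid and free_ccs:
                seeds[mid] = (sender, free_ccs)
    return findings

def _mk(frm, cc, mid, reply_to=None):
    """Build a constructed RFC 5322 message for the sample below."""
    hdrs = [f"From: {frm}", "To: target@university.example",
            f"Cc: {cc}", f"Message-ID: {mid}"]
    if reply_to:
        hdrs.append(f"In-Reply-To: {reply_to}")
    return "\n".join(hdrs) + "\n\nconstructed body\n"

# Constructed sample: one multi-persona thread and one ordinary institutional thread.
SAMPLE = [
    _mk('"Director, Research Institute" <a.director@freemail.example>',
        "b.fellow@webmail.example", "<m1@freemail.example>"),
    _mk("b.fellow@webmail.example", "a.director@freemail.example",
        "<m2@webmail.example>", reply_to="<m1@freemail.example>"),
    _mk("colleague@partner.example", "other@partner.example", "<m3@partner.example>"),
    _mk("other@partner.example", "colleague@partner.example",
        "<m4@partner.example>", reply_to="<m3@partner.example>"),
]

if __name__ == "__main__":
    for seed, sender, puppet in find_mpi_threads(SAMPLE):
        print(f"review thread {seed}: {sender} CCed {puppet}, who then replied")
```

A hit is a lead for analyst review, not a verdict: legitimate contacts also write from personal accounts, so the result is best combined with a check of the claimed affiliation against the sending domain.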