Security News > 2022 > September > Hackers now use ‘sock puppets’ for more realistic phishing attacks
An Iranian-aligned hacking group uses a new, elaborate phishing technique where they use multiple personas and email accounts to lure targets into thinking its a realistic email conversation.
The attackers send an email to targets while CCing another email address under their control and then respond from that email, engaging in a fake conversation.
Named 'multi-persona impersonation' by researchers at Proofpoint who noticed it for the first time, the technique leverages the psychology principle of "Social proof" to obscure logical thinking and add an element of trustworthiness to the phishing threads.
TA453's new tactic requires far more effort from their side to carry out the phishing attacks, as each target needs to be entrapped in an elaborate realistic conversation held by fake personas, or sock puppets.
In a third MPI phishing attack launched by TA453 against two academics specializing in nuclear arms control, the threat actors CCed three personas, going for an even more intricate attack.
In all cases, the threat actors used personal email addresses for both the senders and the CCed persons instead of addresses from the impersonated institutions, which is a clear sign of suspicious activity.
News URL
Related news
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- Russian hackers attack Western military mission using malicious drive (source)
- iOS devices face twice the phishing attacks of Android (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)