Security News > 2023 > October > New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives
Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack.
A new EvilProxy phishing attack is leveraging an open redirection flaw from the legitimate Indeed.com job search site, according to a report from Menlo Security, a cloud-based security company.
Menlo Security notes this phishing attack campaign targets C-suite employees and other key executives at U.S.-based organizations primarily in manufacturing, insurance, banking and financial services, property management and real estate.
How this new phishing campaign abuses Indeed.com redirector.
This new EvilProxy attack starts with a phishing email sent to targets.
An HTTP POST request contains the victim's base64-encoded email address and a session identifier, which is also typical of the EvilProxy phishing kit.
News URL
https://www.techrepublic.com/article/new-evilproxy-phishing-attack-targets-executives/
Related news
- Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks (source)
- iOS devices face twice the phishing attacks of Android (source)
- China names alleged US snoops over Asian Winter Games attacks (source)
- Windows NTLM hash leak flaw exploited in phishing attacks on governments (source)
- Three Reasons Why the Browser is Best for Stopping Phishing Attacks (source)
- Phishing detection is broken: Why most attacks feel like a zero day (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)
- Low-tech phishing attacks are gaining ground (source)
- Ukrainian extradited to US for Nefilim ransomware attacks (source)
- MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks (source)