Security News > 2023 > October > New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives
Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack.
A new EvilProxy phishing attack is leveraging an open redirection flaw from the legitimate Indeed.com job search site, according to a report from Menlo Security, a cloud-based security company.
Menlo Security notes this phishing attack campaign targets C-suite employees and other key executives at U.S.-based organizations primarily in manufacturing, insurance, banking and financial services, property management and real estate.
How this new phishing campaign abuses Indeed.com redirector.
This new EvilProxy attack starts with a phishing email sent to targets.
An HTTP POST request contains the victim's base64-encoded email address and a session identifier, which is also typical of the EvilProxy phishing kit.
News URL
https://www.techrepublic.com/article/new-evilproxy-phishing-attack-targets-executives/
Related news
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Vodka maker Stoli files for bankruptcy in US after ransomware attack (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)
- Inside the incident: Uncovering an advanced phishing attack (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US names Chinese national it alleges was behind 2020 attack on Sophos firewalls (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)