Security News > 2023 > October > New EvilProxy Phishing Attack Uses Indeed.com Redirector to Target US Executives
Microsoft, the Dark Web and the name John Malkovich all factor into this EvilProxy phishing attack.
A new EvilProxy phishing attack is leveraging an open redirection flaw from the legitimate Indeed.com job search site, according to a report from Menlo Security, a cloud-based security company.
Menlo Security notes this phishing attack campaign targets C-suite employees and other key executives at U.S.-based organizations primarily in manufacturing, insurance, banking and financial services, property management and real estate.
How this new phishing campaign abuses Indeed.com redirector.
This new EvilProxy attack starts with a phishing email sent to targets.
An HTTP POST request contains the victim's base64-encoded email address and a session identifier, which is also typical of the EvilProxy phishing kit.
News URL
https://www.techrepublic.com/article/new-evilproxy-phishing-attack-targets-executives/
Related news
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- How to Prevent Phishing Attacks with Multi-Factor Authentication (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- US indicts 8Base ransomware operators for Phobos encryption attacks (source)
- Critical PostgreSQL bug tied to zero-day attack on US Treasury (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Darktrace: 96% of Phishing Attacks in 2024 Exploited Trusted Domains Including SharePoint & Zoom Docs (source)
- Phishing attack hides JavaScript using invisible Unicode trick (source)
- FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (source)