
Figures 1-4: Attack examples

How it spreads

What makes 2-step phishing attacks unique is that they are usually delivered from email accounts that have already been compromised in the same attack. Once an attacker gains access to a mailbox, they typically use it to further the campaign by sending more phishing emails to the victim’s contacts. This causes the attack to scale exponentially. Recipients are more likely to trust a message from a known sender, which leads them to fall for the phishing attack and continue the cycle. When the Perception Point IR team initially reported on this campaign, 49 different companies had at least one compromised employee fall for this attack.
