Security researchers are warning of a new phishing campaign that tries to hurry users into making poor decisions by presenting them with a countdown clock.
Cofense recently spotted the credential harvesting campaign, which arrives in the form of an alert email about a non-existent ‘suspicious login’ to the recipient’s account.
Purporting to come from a fake security company called ‘DNS Online Security,’ the message requests that the user verify their email or risk being locked out/deactivated.
The phishing page the user is then taken to is designed to socially engineer them into rushing to enter their details, by listing various email addresses from the same company that it says are currently being ‘deleted.’
“The page runs in a loop with randomly generated names assigned to the domain based off the target company’s domain. Sharing some similarities with ransomware, the target company is faced with a countdown timer and the choice of stopping the deletion of potentially company-wide email access or entering their credentials,” wrote Cofense.
“The timer also shares ransomware-type panic creation all designed to push the recipient into entering their credentials without second guessing. These details aren’t deleted and are merely randomly generated as part of the scare tactic. Much the same as a ransomware ‘timer’ for permanent file deletion should the ransom not be paid.”
If the victim provides their credentials, those details are sent to a remote command and control (C&C) server. In some cases, the victim will be redirected to an ‘account validation’ page, before finally landing at the homepage of the targeted organization.
The campaign highlights the continued innovation and sharing of tactics that occurs on the cybercrime underground, in this case borrowing social engineering techniques from ransomware actors.
Phishing remains the number one threat vector for cyber-criminals. In Q1 2022, detected volumes reached a record high, according to the Anti-Phishing Working Group (APWG).