A new phishing campaign is luring victims with a fake story about an attempt on President-elect Donald Trump’s life.
While there have been real assassination attempts against Trump, this one is fake news. The story, which implies it is from the New York Times (NYT), describes Trump in a critical condition after being shot by Iranian agents.
Curiously, it also states that the information is “classified”.
By impersonating brands, like news media organizations, attackers create an image of credibility.
Once the victim clicks to view the full story, they are taken to a phishing form requesting the password to their company/corporate domain account for authentication purposes..
Ondrej Kubovic, Security Awareness Specialist at ESET, highlighted that the phishing form is dynamically loaded.
“This means the content will probably change from victim to victim, e.g. if the recipient works for Yahoo, it’s probably going to download Yahoo logo and colors to make the login form look more believable,” Kubovic told Infosecurity.
In the example shared by the cybersecurity firm on X, the form impersonated ESET branding.
As for countermeasures, Kubovic told Infosecurity that ESET products are detecting and blocking the emails, scripts and URLs included in this campaign. The firm has also notified other security vendors.
This phishing campaign has been detected and blocked since 10pm CET on November 13, 2024. ESET was notified of its existence via internal channels.
ESET is currently detecting hundreds of new phishing websites daily that impersonate local and global brands of organizations, Kubovic said.
“The URLs for these websites are spread via malicious social media ads and their main goal is to harvest victims contact information and use those to subsequently manipulate victims into making fake (crypto)investments,” he explained.
Read more: Iran Behind Trump Campaign Hack, US Government Confirms
Image credit: Jonah Elkowitz / Shutterstock.com