
New Phishing Campaign Exploits Spam Filter Alerts: How to Stay Safe

Cybercriminals have launched a sophisticated phishing campaign that tricks users by impersonating legitimate spam-filter notifications from their own company. This attack is designed to steal email credentials and bypass even advanced security measures.


How the Scam Works

Victims receive an email claiming their organization recently upgraded its Secure Message system. The message warns that some pending emails failed to reach the inbox and urges users to click “Move to Inbox” to retrieve them.

The email looks convincing:

  • Displays generic message titles and delivery reports.
  • Includes an unsubscribe link to appear legitimate.
  • Uses company branding to appear authentic.

However, both the main button and the unsubscribe link redirect users through a compromised domain (cbssports[.]com) before landing on a phishing site hosted on mdbgo[.]io.


Personalized Attack Techniques

  • The phishing URL encodes your email address in Base64, allowing the fake login page to display your domain automatically.
  • This personalization makes the scam look routine and trustworthy.
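
As an added example (not code from the original post), here is one way a mail gateway or proxy-log job could flag this personalization trick: decode Base64-looking runs in each URL and report any that turn out to be an address at your own domain. The function names, the `phish.example` host and the sample URLs are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit, unquote

# Base64 of an ASCII email address is purely alphanumeric (in ASCII input, '+'
# and '/' only arise from '>', '?', '~' or DEL), so alphanumeric runs are the candidates.
TOKEN = re.compile(r"[A-Za-z0-9]{8,}")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def decode_token(token):
    """Return the decoded text if token is Base64 of ASCII text, else None."""
    padded = token + "=" * (-len(token) % 4)  # senders often strip the padding
    try:
        return base64.b64decode(padded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None


def embedded_emails(url, org_domains=None):
    """List email addresses Base64-encoded in a URL's path, query or fragment.

    org_domains (optional set of lowercase domains) limits hits to your own users.
    """
    parts = urlsplit(url)
    hits = []
    for chunk in (parts.path, parts.query, parts.fragment):
        for token in TOKEN.findall(unquote(chunk)):
            text = decode_token(token)
            if text is None or not EMAIL.fullmatch(text):
                continue
            domain = text.rsplit("@", 1)[1].lower()
            if org_domains is None or domain in org_domains:
                hits.append(text)
    return hits


# Constructed sample URLs (phish.example is a placeholder host, not an indicator).
SAMPLE_URLS = [
    "https://phish.example/quarantine?id=42&u=YWxpY2VAZXhhbXBsZS5jb20%3D",
    "https://phish.example/login/YWxpY2VAZXhhbXBsZS5jb20",
    "https://intranet.example/docs/quarterlyreport2024?page=2",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(u, "->", embedded_emails(u, org_domains={"example.com"}))
```

A hit is a signal to weigh rather than a verdict, since some legitimate mailing platforms also encode the recipient address in tracking links; combine it with sender reputation and the redirect chain.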

Advanced Credential Theft

Unlike traditional phishing:

  • The fake login page uses WebSocket technology to capture credentials in real time.
  • As you type your username and password, attackers receive each character instantly.
  • They can even prompt for two-factor authentication codes, bypassing extra security layers.

Why This Attack Is Dangerous

  • Real-time credential harvesting means attackers gain access within seconds.
  • They can compromise email accounts, cloud storage, and connected services.
  • The campaign evolves rapidly, using obfuscated code to hide its true purpose.

How to Protect Your Organization

  1. Enable Multi-Factor Authentication (MFA)
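    Even if attackers steal credentials, MFA adds an extra barrier. Keep in mind that this campaign's fake login page can also prompt for two-factor codes, so a code entered on the phishing page is captured along with the password.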
  2. Educate Employees
    Train staff to recognize phishing red flags:
    • Urgent requests to click links.
    • Unexpected system notifications.
    • Suspicious URLs or redirects.
  3. Use Advanced Email Security
    Deploy tools that:
    • Detect phishing patterns.
    • Block malicious links.
    • Analyze email headers for anomalies.
  4. Monitor for Account Compromise
    Implement alerts for unusual login activity and enforce conditional access policies.
  5. Report and Block
    If you receive such emails:
    • Do not click links.
    • Report to your IT security team.
    • Block the sender domain immediately.
