Credential phishing is a type of email-based attack that uses malicious web forms mimicking legitimate websites to steal the victim’s login credentials. The targeted credentials can belong to any web-based service, including:
Microsoft Outlook Web Access (OWA) and other corporate web-based email services
Cloud-based sync and sharing services (e.g., DropBox, Box)
Online shopping (Apple ID, Amazon, etc.) and loyalty program logins
The credential phishing site frequently appears to be a perfect copy of the targeted website, so a quick visual scan by the victim does not arouse suspicion. However, the domain in the URL is under the attacker’s control rather than owned by the targeted organization, and it may be the only indication that the site is not legitimate.
Credential phishing is one of the most successful social engineering techniques for targeting larger organizations.
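As an added example (not code from the original article), the following Python checker performs the URL check described above: it extracts the registrable domain from a login-page URL and compares it with the organization's own domains, so that a lookalike domain or a page hosted under the organization's name as a subdomain of an attacker's domain is flagged. The organization domain corp.example, the attacker-style hostnames under the reserved .example TLD, the IP literal 203.0.113.5 and the tiny public-suffix table are all constructed for illustration; a real deployment would load the allowlist from configuration and use the full Public Suffix List.

```python
"""Flag login URLs whose registrable domain is not one the organization owns.

Added example, not from the original article. Standard library only.
"""
import ipaddress
from typing import Optional, Set
from urllib.parse import urlsplit

# Stand-in for the Public Suffix List: suffixes under which the registrable
# domain is three labels long (e.g. example.co.in). Constructed for this example.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.in"}

# Assumed allowlist of the organization's own registrable domains.
LEGITIMATE_DOMAINS: Set[str] = {"corp.example"}


def registrable_domain(hostname: str) -> Optional[str]:
    """Return the domain an owner actually registers, or None if there is none.

    'mail.corp.example' -> 'corp.example'; 'portal.acme.co.in' -> 'acme.co.in';
    an IP literal or a bare public suffix has no registrable domain.
    """
    host = hostname.strip().rstrip(".").lower()
    if not host:
        return None
    try:
        ipaddress.ip_address(host)  # bare IPv4/IPv6 literal
        return None
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2 or any(not label for label in labels):
        return None
    if host in MULTI_LABEL_SUFFIXES:
        return None
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify_url(url: str, legitimate_domains: Set[str]) -> str:
    """Return 'legitimate', 'suspicious' or 'invalid' for a login-page URL.

    Only the registrable domain is compared, so 'corp.example.attacker.example'
    is suspicious even though it starts with the organization's name.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return "invalid"
    domain = registrable_domain(parts.hostname)
    if domain is None:
        return "suspicious"  # IP literal or malformed host: nobody legitimate logs in there
    return "legitimate" if domain in legitimate_domains else "suspicious"


def scan_urls(urls, legitimate_domains: Set[str]) -> dict:
    """Classify a batch of URLs (e.g. links pulled from an email) in one pass."""
    return {url: classify_url(url, legitimate_domains) for url in urls}


if __name__ == "__main__":
    # Constructed sample links, as they might be extracted from a phishing email.
    SAMPLE_LINKS = [
        "https://mail.corp.example/owa/",                       # real OWA host
        "https://CORP.example/login",                           # case differs, same domain
        "https://corp.example.secure-login.example/owa/",       # org name as a subdomain
        "https://c0rp.example/owa/",                            # lookalike spelling
        "http://203.0.113.5/owa/",                              # bare IP, no domain at all
        "mail.corp.example/owa",                                # no scheme, cannot judge
    ]
    for link, verdict in scan_urls(SAMPLE_LINKS, LEGITIMATE_DOMAINS).items():
        print(f"{verdict:11s} {link}")
```

The check deliberately ignores everything before the registrable domain, because subdomains are free for the attacker to choose; what it cannot detect is a legitimate domain that has itself been compromised, which is why URL inspection complements, rather than replaces, phishing-resistant authentication.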
The Twitter account of Prime Minister Narendra Modi’s personal website was hacked early Thursday, with a series of cryptic tweets posted on the account by a group claiming to be John Wick. The account has since been restored. Confirming this, Twitter said that it was aware of the activity and had taken the required steps to secure the compromised account. It added that it is “actively investigating” the situation. Read more in
While investigations are ongoing, Twitter reported it was the victim of a “coordinated social engineering attack.” The company confirmed that threat actors targeted and successfully manipulated a small group of employees and used their credentials to gain unauthorized access to an administrative tool that is “only available to internal support teams.”
According to Chako, social engineering attacks like this one are “so effective because they use psychological manipulation to convince a person to take an action or divulge sensitive information that they shouldn’t. In fact, cyber attackers are the ultimate psychologists.”
Using these psychological tricks, the attackers were able to hijack Twitter accounts and then post messages duping social media users into sending Bitcoin payments to fraudulent causes.
The snapshot below shows how attackers use social engineering to trick victims and achieve their malicious goals.
Nowadays nobody is surprised to get a call from an unknown source, for instance a salesperson or a marketing or insurance agent. We assume they got our number from the telecom provider. To sum up in a sentence: we are all being watched, and not by God.
We have no idea how much information every service provider has about us. Take the example of an insurance agent. Any agent might know your credit score, your monthly expenditure and your monthly income. Don’t ask why they collect it; this is called the surveillance economy.
Since our sensitive private information has become a public profile available to every company and agency, hackers have the same profile. The only difference is that Facebook, Amazon and Google collect data in white-collar (legal) ways, while hackers collect individuals’ information in their own ways:
Buy your personal information from the dark web (the black market). Hackers sell and buy hacked data on the dark web.
Gather information from multiple social media platforms: your house, your location, your pet’s name, etc. This is all available.
Impersonate you and obtain sensitive information from telecom services, banks or stores where you have shopped recently.
Things you can do in such cases:
Check the authenticity of the person who has contacted you by call, SMS or email. For instance, speak to customer care and enquire about the matter.
If a person insists that you do something involving money, delay the process. Tell them you are willing to visit the office and pay there.
Ask them to provide proof that you have violated the law.