A phishing campaign targeting telecommunications and financial sectors was identified in late October 2024. The attackers used Google Docs to deliver phishing links, redirecting victims to fake login pages hosted on Weebly. This method bypassed standard email filters and endpoint protections by leveraging trusted platforms. The campaign primarily targeted telecom and financial sectors with customized lures, including AT&T-themed pages and financial institution pages for US and Canadian users. The attackers used dynamic DNS for subdomain rotation and incorporated legitimate tracking tools like Sentry.io and Datadog to monitor phishing page metrics. They also employed fake multi-factor authentication prompts to enhance the appearance of authenticity and increase the chances of success. Author: AlienVault
Related Tags:
tracking tools
google docs
financial sector
sim swapping
T1102.002
mfa bypass
T1059.007
T1566.002
T1204.001
Associated Indicators:
https://update-baca-bank-aqmakaeyaa.weebly.com
https://signup-robinhood.weebly.com
https://securebanklogin.weebly.com
https://yahoopaymentsecurity.weebly.com
https://metamask-us-extension.weebly.com
https://aolservlogsni.weebly.com
https://umpquawoers-accessmail.weebly.com
https://sprinto.com/blog/phishing-statistics/
https://securedprofile-infosuckkk.weebly.com