A few days ago researchers from the Lookout Phishing AI reported a mobile-aware phishing campaign that targets non-governmental organizations around the world including UNICEF, a variety of United Nations humanitarian organizations, the Red Cross and UN World Food, etc. The company has also contacted law enforcement and the targeted organizations.
“The campaign is using landing pages signed by SSL certificates, to create legitimate-looking Microsoft Office 365 login pages,” Threatpost reports.
According to the Lookout Phishing AI researchers, “The infrastructure connected to this attack has been live since March 2019. Two domains have been hosting phishing content, session-services[.]com and service-ssl-check[.]com, which resolved to two IPs over the course of this campaign: 22.214.171.124 and 126.96.36.199. The associated IP network block and ASN (Autonomous System Number) is understood by Lookout to be of low reputation and is known to have hosted malware in the past.”
“Mobile web browsers also unintentionally help obfuscate phishing URLs by truncating them, making it harder for the victims to discover the deception,” Jeremy Richards, Principal Security Researcher, Lookout Phishing AI wrote in his blog post.
Further, the SSL certificates used by the phishing infrastructure had two main ranges of validity: May 5, 2019 to August 3, 2019, and June 5, 2019 to September 3, 2019. The Lookout researchers said that currently, six certificates are still valid. They also suspect that these attacks may still be ongoing.
Alexander García-Tobar, CEO and co-founder of Valimail, told Threatpost via email, “By using deviously coded phishing sites, hackers are attempting to steal login credentials and ultimately seek monetary gain or insider information.”
To know more about this news in detail, read Lookout’s official blog post.