March 4, 2024 at 07:18AM
Cybersecurity firm Lookout warns of novel mobile device phishing attacks targeting FCC employees and cryptocurrency platforms. Attackers create replicas of single sign-on pages and use email, SMS, and vishing to trick victims into sharing login credentials. The phishing kit can impersonate multiple brands and has successfully targeted hundreds of individuals in the United States. Some phishing sites remain active despite takedown attempts.
Federal Communications Commission (FCC) employees and cryptocurrency platforms have been targeted in mobile phishing attacks using a novel and advanced phishing kit, as reported by cybersecurity firm Lookout.
The attackers create carbon copies of single sign-on (SSO) pages and use a combination of email, SMS, and vishing (voice phishing) to trick victims into sharing their login credentials. This has resulted in the collection of legitimate email addresses, passwords, OTP tokens, password reset URLs, photos of driver’s licenses, and more from over 100 victims.
The FCC employees were lured to a phishing page that mimicked the legitimate FCC SSO page, and were asked to complete a captcha using hCaptcha, creating the illusion of legitimacy. The attackers then prompted victims to provide their username and password, and then asked for multi-factor authentication (MFA) tokens based on a series of options the phishing page’s administrators could use in real time.
These phishing sites continue to operate, with some active since November 2023 and hosted by various providers including Hostwinds, Hostinger, and RetnNet. The attacks show similarities with the operations of threat actor Scattered Spider, but Lookout believes that this phishing campaign is operated by a different, likely copycat group, based on differences in infrastructure and capabilities.
Lookout recommends continued vigilance and adherence to anti-phishing guidance from the US government, and emphasizes the need for heightened cybersecurity measures to combat such attacks.