New phishing operation borrows strategy from ransomware groups

August 4, 2022

Researchers released an advisory about a new phishing operation that pressures its targets into making a quick decision. The advisory shows threat actors devising new techniques to make their illegal activities more profitable.

According to reports, researchers recently discovered this credential-stealing campaign, which poses as an email about a suspicious login attempt on the target's account.

 

The new phishing operation instills fear in its target.

 

The phishing emails claim to come from a non-existent security firm called DNS Online Security. This fake cybersecurity company asks its targets to verify their email to avoid having their accounts locked or deactivated.

The attackers add pressure by putting a countdown timer on the phishing site. The timer starts at one hour, and the site claims that targets who do not enter their username and password will be locked out of their email.

Researchers noted that the phishing operators may have borrowed this technique from ransomware groups. The tactic plays on the target's fear of being locked out of their account.

Moreover, the lure creates a sense of urgency to push targets into following the instructions. Once the victim enters their credentials, the site either accepts the password or reports that the password is invalid. Either way, the threat actors harvest the data.
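The lure traits described above (a sender posing as a security firm, a suspicious-login pretext, a lockout threat, a request to verify, and a deadline) can be scored together in mail triage. The sketch below is an added example, not code from the researchers' advisory; the trusted-sender list, signal names, threshold, and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains this organisation really receives security notices from.
TRUSTED_SECURITY_SENDERS = {"example-corp.test"}

# One regex per trait of the lure described in the article.
SIGNALS = {
    "lockout_threat": re.compile(r"\b(locked out|deactivat\w+|suspend\w+)\b", re.I),
    "credential_request": re.compile(
        r"\b(verify|confirm|validate)\b.{0,40}\b(e-?mail|account|password)\b", re.I | re.S),
    "deadline": re.compile(
        r"\b(within|in the next|only)\s+\d+\s*(minutes?|hours?)\b|\b(an|one|1) hour\b", re.I),
    "suspicious_login_pretext": re.compile(r"\b(suspicious|unusual)\s+(login|sign-?in)\b", re.I),
}

def score_message(raw):
    """Return the names of the lure signals found in a raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    hits = [name for name, rx in SIGNALS.items() if rx.search(text)]
    # A display name claiming to be "security" from a domain we do not know.
    if re.search(r"\bsecurity\b", display, re.I) and domain not in TRUSTED_SECURITY_SENDERS:
        hits.append("unrecognised_security_sender")
    return hits

def verdict(raw, threshold=3):
    """Quarantine only when several signals co-occur; one alone is too noisy."""
    hits = score_message(raw)
    return ("quarantine" if len(hits) >= threshold else "deliver"), hits

# Constructed sample modelled on the lure the article describes.
LURE = ("From: DNS Online Security <alerts@mail-notice.test>\n"
        "Subject: Suspicious login attempt on your account\n\n"
        "We detected a suspicious login. Verify your email within 1 hour\n"
        "or your account will be deactivated.\n")
# Constructed benign notice that trips only the deadline pattern.
BENIGN = ("From: IT Helpdesk <helpdesk@example-corp.test>\n"
          "Subject: Maintenance window Saturday\n\n"
          "Mail will be unavailable for one hour during the upgrade.\n")

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, verdict(raw))
```

Requiring several signals at once keeps ordinary notices that merely mention a time window, like the maintenance message, out of quarantine.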

Recent phishing incidents show the increasing number of sophisticated tactics that threat actors employ. Recently, researchers discovered a phishing operation targeting PayPal users that attempted to steal personal data, including government identification documents.

The tool was hosted on a legitimate but compromised WordPress website, allowing the actors to evade security detection.

Furthermore, Microsoft spotted a new, extensive phishing campaign that used the adversary-in-the-middle (AiTM) strategy. The strategy enabled the threat actors to steal passwords while bypassing the MFA security feature.

The recent campaign shows how threat actors constantly innovate their tactics in the cybercriminal environment. Phishing operators have now adopted methods similar to those ransomware groups use in their attacks.

MFA is still the best feature to counteract these malicious attempts. However, keeping a cool head and staying alert is a proper way to deal with phishing attacks that use time pressure to threaten an individual.
