Fortra threat researchers recently uncovered a stealthy phishing campaign and a growing phishing-as-a-service (PhaaS) operation. In a Healthcare IT News article, Zachary Travis details how attackers used layered messages, fake branding, and hidden code to trick Microsoft Office 365 users into handing over credentials.
Separately, Max Ickert’s research spotlights SheByte, a new PhaaS platform offering phishing kits and tools that let scammers intercept multi-factor authentication codes in real time. SheByte appears to have emerged as a replacement for LabHost, which was shut down last year.
Originally published in Healthcare IT News.
Excerpt: “To better understand this phishing campaign, Fortra researched incidents across 30 organizations across varying industries. The company said that more than 2,000 emails tied to this campaign have already been quarantined.”