Phished Account Credentials Mostly Verified in Hours

Posted on June 9, 2021 | Infrastructure and Data Protection

Attackers from 44 countries used look-alike cloud portals to collect users' credentials, verified the majority of username-password combination in hours, and used them to send malicious payloads and spam to other Internet users and to conduct business email compromise (BEC), email-security firm Agari states in a new report.

The report summarizes a six-month study by Agari researchers, who created an automated system to create 8,000 email accounts and submit them to phishing sites after those sites were discovered. The majority of phishing sites mimicked a Microsoft account or a specific Microsoft service, but a significant number of sites — 26% — were disguised as the login for Adobe Document Cloud.

Read the full story here: https://beta.darkreading.com/threat-intelligence/phished-account-credentials-mostly-verified-in-hours