Recent reports warn that UN officials may be targeted by a new phishing campaign, which is trying to trick them into revealing their login credentials.
According to a security company known as Lookout, there is a new phishing campaign targeting UN officials. The company claims that several of the staffers have been targeted with fake login pages, which looked like rather convincing alternatives to the real UN website. These pages were created by hackers who then sent them to the officials, hoping to steal their login credentials.
Lookout claims that some of the fake pages are still out there, alive, and a threat. At least one page poses as UNICEF, while there is another which looks like an exact replica of the UN World Food Program. These are not the only ones, either.
The security company also pointed out that the fake pages can determine whether the user is on a computer or a mobile device, and it delivers specific content, depending on the type of device that is used. Furthermore, browsers on mobile make it difficult to recognize that the site is fake by truncating them.
Another thing that makes it rather difficult to spot a fake page is the fact that they are using SSL certificates. As a result, browsers tend to recognize them as valid pages. Lookout was even able to locate at least six of the pages which have a valid certificate, as mentioned in their report. It still remains unknown how the hackers have managed to create and list the fake pages, although the security firm believes that it was likely through messages sent via texts, email, or social media.
It was also concluded that the infrastructure behind the fake pages existed since March of this year. As mentioned, there are a number of pages apart from the ones mentioned so far, including login portals for the Heritage Foundation think tank, based in Washington DC, as well as the University of California, San Diego, and German versions for AOL and Yahoo!
The company was able to uncover the campaign by using anti-Phishing AI which scans the internet for suspicious websites.
What do you think about the new phishing campaign? Are you concerned about hackers and attacks of this kind? Leave a comment below and let us know.
Images courtesy of Shutterstock.
Top crypto projects in the US | April 2024
Trusted
Disclaimer
In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.
Sponsored
Sponsored