According to cybersecurity firm Lookout, employees of the Federal Communications Commission (FCC) and cryptocurrency platforms have been targeted in mobile device phishing attacks using a novel and advanced kit.
Using the new kit, attackers create carbon copies of single sign-on (SSO) pages to trick victims into sharing their login credentials via email, SMS, and vishing (voice phishing). The same methods have been used to obtain password reset URLs and photo IDs, with hundreds of people, mostly in the United States, already targeted.
According to Lookout, FCC employees were directed to a phishing page on fcc-okta[.]com that mimicked the legitimate FCC SSO page and asked them to complete a captcha using hCaptcha, creating the illusion of legitimacy.
Read More: FCC Employees Targeted in Sophisticated Phishing Attacks
Check Out The New ITsecuritywire Podcast. For more such updates follow us on Google News ITsecuritywire News.