Employees of US NGOs Fight for the Future and Free Press were targeted with complex spear-phishing attempts Attack.Phishing between July 7 and August 8 , reported today the Electronic Frontier Foundation ( EFF ) . Both organizations targeted in the attacks Attack.Phishing are currently fighting against for Net Neutrality in the US . Based on currently available evidence , the attacks appear to have been orchestrated by the same attacker , located in a UTC+3-5:30 timezone , said EFF Director of Cybersecurity Eva Galperin and EFF security researcher Cooper Quintin . At least one victim fell for the attacks `` Although this phishing campaign Attack.Phishing does not appear to have been carried out by a nation-state actor and does not involve malware , it serves as an important reminder that civil society is under attack , '' said the two today . `` It is important for all activists , including those working on digital civil liberties issues in the United States , to be aware that they may be targeted by persistent actors who are well-informed about their targets ’ personal and professional connections . '' At least one victim fell for the 70 fake emails sent Attack.Phishing during the phishing attempts Attack.Phishing . Attackers did n't deliver malware but lured Attack.Phishing victims away on a remote site designed to phish Google , Dropbox , and LinkedIn credentials . `` The attackers were remarkably persistent , switching up their attacks after each failed attempt and becoming increasingly creative with their targeting over time , '' EFF said . The most creative of the spear-phishing emails was when victims received Attack.Phishing emails with the subject line `` You have been successfully subscribed to Pornhub.com , '' or `` You have been successfully subscribed to Redtube.com , '' two very popular adult video portals . Minutes later , victims received Attack.Phishing another email made to look like Attack.Phishing it was coming from Attack.Phishing the same two services . These second emails contained explicit subject lines . Because spear-phishing emails were aimed Attack.Phishing at work emails , most victims would have been inclined to unsubscribe from the incoming emails . This was the catch , as attackers doctored the unsubscribe link , leading Attack.Phishing victims to a fake Google login screen . Attackers used different tactics as the campaign progressed The PornHub and RedTube phishes Attack.Phishing were not the only ones . Attackers also used other tactics . ⬭ Links to generic documents that asked users to enter credentials before viewing . ⬭ LinkedIn message notifications that tried to trick Attack.Phishing users into giving away LinkedIn creds . ⬭ Emails disguised to look like Attack.Phishing they were coming from Attack.Phishing family members , sharing photos , but which asked the victim to log in and give away credentials instead . ⬭ Fake email notifications for hateful comments posted on Attack.Phishing the target 's YouTube videos . When the victim followed the link included in the email , the target would have to enter Google credentials before performing the comment moderation actions . ⬭ Emails that looked like Attack.Phishing a friend was sharing Attack.Phishing interesting news stories . Used topics and subject lines include : - Net Neutrality Activists 'Rickroll ' FCC Chairman Ajit Pai - Porn star Jessica Drake claims Donald Trump offered her $ 10G , use of his private jet for sex - Reality show mom wants to hire a hooker for her autistic son In one case , one of the targeted activists received a request from a user asking for a link to buy her music . When the target replied , the attacker answered back Attack.Phishing with a Gmail phishing link , claiming the buy link did n't work . EFF experts say that victims who had two-factor authentication turned on for their accounts would have prevented attackers from logging into their profiles even if they had managed to obtain Attack.Databreach their password .

Last week I ran across a very successful phishing campaign Attack.Phishing , what ’ s odd in most ways it was nothing special . The attacker was using this more like a worm , where stolen Attack.Databreach credentials would be used within the hour to start sending out Attack.Phishing a mass amount of more phishes Attack.Phishing . I 've decided to call this `` Dynamite Phishing Attack.Phishing `` because there is nothing quiet about this at all . It seems about 40 % of the credentials were used for more mailings , and the other account 's credentials had not been used . The initial phishes Attack.Phishing came in Attack.Phishing from a K12 domain from several affected individuals . The email subject was “ You have an Incoming Document Share With You Via Google Docs ” . The contents of the email were base64 encoded , while it appears to be common Content-Transfer-Encoding , it 's not something I typically run into especially when looking at Phishes . The link in the document went to `` hxxp : //bit.ly/2kZJbW3 '' which went to hxxp : //jamesrichardsquest.co.nf/lib The landing page was setup as a generic Outlook Web Access 2013 login page . It appears the EM_Client is a pretty popular email client , but it maybe something you can block on depending on your environment . user-agent : eM_Client/7.0.27943.0 While most people have good protections from Emails coming from external entities into their email environment , many don ’ t push the same protections intra-domain . The volume of email sent from Attack.Phishing the Phished accounts to other Internal accounts is what made this so successful