Menlo Security’s researchers recently uncovered a spear phishing attack at a popular enterprise that went undetected by existing security solutions.
Anatomy of a Spear Phishing Attack
A close examination of this spear phishing event revealed the following details. The attackers:
- Performed various checks on the password entered by the victim and their IP address to determine a true compromise vs. somebody who had figured out the attack.
- Supported various email providers, determined by custom pages served based on the email domain. For example, a victim whose email address was firstname.lastname@example.org would be served a page that looked like a Gmail login page.
- Exfiltrated victim’s personally identifiable information (PII) to an attacker-controlled account.
Download the report now to get the full story.