"An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. Although threat actors targeting business ad manager accounts isn't new, the campaign discovered by Push Security is highly targeted, with professionally crafted lures that create conditions for high success rates. Access to marketing accounts gives threat actors a springboard to launch malvertising campaigns for AiTM phishing, malware distribution, and ClickFix attacks."
"The attack starts with the threat actor impersonating a recruiter for a well-known brand and then sending a fake meeting invitation to the target. The phishing emails are believed to have been crafted using AI tools and to impersonate over 75 brands, including LVMH, Lego, Mastercard, and Uber. Once the victim clicks the link, they are taken to a fake Calendly landing page that presents a CAPTCHA, followed by an AiTM phishing page that attempts to steal visitors' Google Workspace login sessions."
Threat actors run a targeted phishing campaign that impersonates over 75 major brands to harvest Google Workspace and Facebook business account credentials through Calendly-themed lures. Attackers impersonate legitimate recruiters and send fake meeting invitations that link to counterfeit Calendly pages presenting CAPTCHAs and AiTM phishing flows. Compromised marketing and ad manager accounts enable malvertising, AiTM phishing, malware distribution, ClickFix attacks, and targeted watering-hole campaigns using geo-, domain-, and device-specific filtering. Stolen marketing accounts can be monetized directly or resold on criminal markets. Google Workspace compromises can extend into enterprise environments via SSO and permissive IdP configurations.
Read at BleepingComputer
Unable to calculate read time
Collection
[
|
...
]