This week, we uncovered a simple credential-harvesting attack. We saw it in over 30 organizations, which suggests a targeted campaign.
It works like this:
The subject of the email reads: Please confirm your email address within 14 days.
The body claims that, to comply with ICANN regulations, you have to confirm the email address listed on a given domain.
The "Confirm Email Address" button is just a slick way to steal your credentials.
Here's what it looks like:
If you click on the "Confirm Email Address" button, you get taken to this page: