This week, we uncovered a simple credential harvesting attack. We saw this in over 30 organizations, suggesting something targeted.

It works like this:

The subject of the email reads: Please confirm your email address within 14 days. 

The body shows that, to comply with ICANN regulations, you have to confirm the email address listed on a given domain.

Clicking on the "Confirm Email Address" is just a slick way to steal your credentials.

Here's what it looks like:


If you click on the "Confirm Email Address" button, you get taken to this page:


Subscribe to Our Attack Briefs for More Research