Phishing for mailing lists | Kaspersky official blog


As dangerous as it is when consumers think they’re too boring to be of interest to cybercriminals, it’s worse to hear the same from SMB owners. When they neglect basic protection, that suits cybercriminals just fine — their targets aren’t always what you might expect. One example comes from a message that fell into our mail trap recently: phishing aimed at hijacking an e-mail service provider (ESP) account — for mailing lists.


How mail service phishing works


The scam begins with a company employee receiving a message confirming payment for a subscription to an ESP. The link in the message is supposed to give the recipient access to proof of purchase. If the recipient is indeed a client of the ESP (and the phishing does target actual clients), they are likely to click through, hoping to figure out the anomalous payment.


Although the hyperlink seems to lead to an ESP page, it really points somewhere else entirely. Clicking it takes victims to a fake site that looks very much like a legitimate login page.



Two login screens. Fake page is on the left.



At this point, readers won’t be surprised to learn that any data entered on the fake login page goes straight to the cybercriminals behind the scam. Note, however, that in addition to the misdirection, the fake site transmits the data it harvests over an unprotected channel. The attackers didn’t even bother to replicate the CAPTCHA, although they did insert an example in the e-mail field. We should see a flag in the lower right corner as well. But most users are unlikely to spot those discrepancies.
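The two tells described above, a link whose visible text names one host while its href points elsewhere and a login form that posts over plain http, can be checked mechanically in a mail filter. The following is an added example, not code from the Kaspersky post; the HTML message and the `.test` hostnames are constructed placeholders.

```python
"""Flag link/href host mismatches and plain-http form actions in an HTML e-mail."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real phishing mail); hostnames are placeholders.
SAMPLE_EMAIL = """
<p>Your subscription payment was received. View the receipt:</p>
<a href="http://login-esp-example.test/verify">https://esp-example.test/invoice</a>
<form action="http://login-esp-example.test/submit" method="post">
  <input name="email"><input name="password" type="password">
</form>
"""

def host_of(url):
    """Lower-cased hostname of a URL, or '' if none."""
    return (urlparse(url).hostname or "").lower()

def shown_host(text):
    """Hostname the visible link text claims, or '' if the text is not URL-like."""
    if "://" in text:
        return host_of(text)
    if re.match(r"^[\w.-]+\.[a-z]{2,}(/|$)", text, re.I):   # bare domain/path
        return host_of("//" + text)
    return ""

class PhishTellParser(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None      # href of the <a> currently open, if any
        self._text = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []
        elif tag == "form" and urlparse(a.get("action") or "").scheme == "http":
            self.findings.append(("form_over_http", a["action"]))   # unprotected channel
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            claimed, actual = shown_host("".join(self._text).strip()), host_of(self._href)
            if claimed and claimed != actual:
                self.findings.append(("link_host_mismatch", claimed, actual))
            self._href = None

def find_phishing_tells(html):
    """Return a list of (tell, ...) tuples found in the HTML body."""
    p = PhishTellParser()
    p.feed(html)
    return p.findings
```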


Why losing a ..
