July 28, 2021

This phishing scam left thousands of stolen passwords exposed through Google search » Scammer News

Operators of a phishing campaign targeting the construction and energy sectors exposed credentials stolen in attacks that were publicly viewable with a simple Google search. 

On Thursday, Check Point Research in partnership with Otorio published a blog post describing the campaign, in which stolen information was dumped on compromised WordPress domains. 

The recent phishing attack began with one of several fraudulent email templates and would mimic Xerox/Xeros scan notifications including a target company employee’s name or title in the subject line. 

Also: Best VPNs • Best security keys • Best antivirus   

Phishing messages originated from a Linux server hosted on Microsoft Azure and were sent through PHP Mailer and 1&1 email servers. Spam was also sent through email accounts that had been previously compromised to make messages appear to be from legitimate sources. 

Attackers behind the…

Read full article here: scammernews.com