A newly discovered spoofing campaign has been discovered mimicking the Walmart brand and several career, dating, and movie and TV websites, with more than 540 domains detected so far.
Corin Imai, senior security adviser for DomainTools, was alerted to the activity about two weeks ago when the term "Walmart" was found spoofed in multiple domains. The flagged domain walmartcareers[.]us prompted her to research related terms and other suspicious domains.
Imai's analysis led to the discovery of an email address linked to 184 other potentially risky domains with an average age of 190 days. Further investigation into these domains led to the discovery of a much broader campaign spoofing a range of websites related and unrelated to the Walmart brand. Of the 540-plus domains identified, only 181 have appeared on blacklists. Others have a high risk score, which Imai says indicates they'll likely be blacklisted in the future.
The initial intent of this investigation was to analyze spoofing campaigns targeting Fortune 500 companies, she says, but researchers' findings took them down an unexpected path. "Generally with phishing domains, we see things escalate between 24 and 48 hours," Imai explains. Within two days of their analysis, researchers saw more of these suspicious websites being blacklisted.
Of the domains found so far, many appear to target job hunters and people using online dating and entertainment websites. It seems the attackers' intent is to exploit this interest by creating fake sites designed to capture users credentials, going step-by-step to set up a credential page so they can verify they are who they claim to be, while at the same time scraping login data.
As of now, it ..
Support the originator by clicking the read the rest link below.
