A sophisticated “Account Restriction” phishing campaign targeting PayPal users aims to steal full identities (Fullz) and financial assets through a multi-step, fake verification process. The attack impersonates PayPal to harvest credentials, credit card details with CVV, and personal information via deceptive domains. PayPal “Unauthorized Activity & Account Limitation” PhishingTarget: PayPal Users WorldwideThreat Level: Critical (Financial …
Monthly Archives: October 2024
Bank Rakyat Indonesia (BRI) phishing page detected
A phishing campaign targeting Bank Rakyat Indonesia (BRI) customers utilizes WhatsApp and SMS to trick users with a fake 150,000 IDR service fee increase. The attack uses a fraudulent “BRImo” portal to harvest credentials and real-time OTPs to seize control of mobile banking accounts. Bank Rakyat Indonesia (BRI) “Service Fee Change” ScamTarget: Customers of Bank …
Continue reading “Bank Rakyat Indonesia (BRI) phishing page detected”
Bancolombia phishing page detected
A phishing campaign targeting Bancolombia users employs fake “account blocked” alerts via SMS to steal credentials for the Bancolombia Personas mobile application, including usernames and real-time OTPs. The attack uses fraudulent websites to impersonate the bank’s login portal and pressures victims into entering sensitive information. This phishing campaign against Bancolombia uses urgent SMS messages to …
First Citizens National Bank phishing page revealed
A phishing campaign targeting First Citizens National Bank customers uses a fake “System Update” page to perform real-time MFA bypass and account hijacking. Attackers utilize lookalike URLs to harvest credentials and SMS codes, allowing them to instantly access authentic banking sessions. This phishing campaign against First Citizens National Bank uses fake “security sync” emails and …
Continue reading “First Citizens National Bank phishing page revealed”
MidFirst Bank phishing page detected
A phishing campaign targeting MidFirst Bank customers utilizes a “Security Update” pretext, employing SMS or email to prompt users to sync accounts on a fraudulent website. This high-level threat harvests login credentials and real-time One-Time Passcodes (OTP) via a clone of the official MidFirst login page, enabling immediate account takeover. MidFirst Bank “Personal Banking Security” …
iCloud phishing page detected
A critical iCloud phishing campaign that uses fraudulent “Find My” and “Storage Full” notifications to steal Apple ID credentials and bypass 2FA. Attackers use pixel-perfect fake login pages to capture credentials in real-time, allowing them to unlock stolen devices and gain full access to personal data. iCloud “Find My iPhone” & Account Security PhishingTarget: Apple …
Sparkasse phishing page revealed
This phishing case targets Sparkasse customers in Germany using a sophisticated “PushTAN/S-ID-Check” scam. Attackers utilize smishing and email to direct users to fraudulent, pixel-perfect sites, harvesting credentials and using Man-in-the-Middle techniques to trick users into authorizing fraudulent device registration through the official app. Protection involves disregarding links, using only the official app, and carefully verifying …
Interac phishing page detected
An Interac phishing campaign, often targeting Canadian bank customers, uses a sophisticated gateway to impersonate the instant money transfer system and harvest banking credentials, security questions, and OTP codes. Victims are lured via SMS or email to fake portals that perfectly clone major financial institutions to facilitate account takeovers. This phishing campaign targeting Canadian bank …