New Phishing Scheme Exploits Public Interest Around Hurricane Michael to Steal Email Credentials

A recent phishing scheme exploited public interest around natural disasters to steal victims’ email credentials.

According to Proofpoint, threat actors took advantage of the damage caused by Hurricane Michael to direct attacks at unsuspecting users and obtain victims’ email credentials across multiple services, including Google, Outlook, AOL, Yahoo and Office 365.

While disaster scams are not uncommon, most attempt to solicit donations for fraudulent charities or steal credit card numbers. This new campaign, however, specifically targeted email credentials. The attack vector lacked both sophistication and success — Proofpoint reported just 500 total clicks for three observed URLs — but stands out for its use of Azure Blob storage to host phishing pages.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.