The Federal Bureau of Investigation (FBI) warned today of recently detected spear-phishing email campaigns targeting customers of “brand-name companies” in attacks known as brand phishing.
This warning was issued as a public service announcement through the bureau’s Internet Crime Complaint Center platform in coordination with DHS’ Cybersecurity and Infrastructure Security Agency (CISA).
The targets are sent to phishing landing pages through various means, including spam emails, text messages, or web and mobile apps that may spoof the identity or the online address of a company’s official site.
Attackers embed login forms or malware into their phishing pages with the end goal of stealing their victims’ user credentials, payment details, or various other types of personally identifiable information (PII).
In addition to these ongoing phishing attacks, threat actors are also likely developing tools to bait potential targets into revealing info for bypassing account protections two-factor authentication (2FA) by intercepting emails and compromising accounts.