HackRead reports that threat actors have been delivering bogus missile warnings to pilfer Microsoft passwords as part of a new phishing campaign exploiting the ongoing conflict in Iran that also involves the U.S. and Israel.Malicious emails purporting to be from the Ministry of Interior and Civil Defense sent through a fake email address with an Australia-based domain include an air-raid emergency warning that lures recipients into scanning the included QR code, findings from a Cofense Phishing Defense Center report showed. Doing so diverts victims to a fraudulent human check page before being redirected once more to a seemingly legitimate Microsoft login page, where login credentials are then exfiltrated."This is a classic example of social engineering, leveraging panic and authority to trick users into acting quickly without verification. The repeated phrasing, lack of personalization, and reliance on a QR code instead of a verified source all indicate a mass phishing attempt designed to exploit situations of panic and prompt impulsive actions," said researchers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




