New WordPress domain renewal phishing campaign uncovered

Cyber Security News reports that WordPress administrators have been targeted with fraudulent domain renewal emails to facilitate the compromise of credit card data and two-factor authentication codes as part of a new phishing campaign.

Attackers have sent seemingly legitimate emails urging immediate action to renew an unspecified WordPress domain. The emails include a button that redirects to a bogus WordPress payment interface, and credit card details entered there have been exfiltrated to Telegram, according to an analysis from independent security researcher Anurag Gawande. Victims have subsequently been shown a counterfeit 3D Secure verification prompt that asks for one-time passwords received via SMS. The prompt repeatedly reports that verification failed, which ensures that several OTP codes are harvested, and these are also delivered to Telegram channels.

Harnessing Telegram as a main exfiltration channel has allowed increased stealth, built-in encryption, and reduced infrastructure spending for threat actors, said Gawande, who also emphasized the importance of verifying renewal notice emails.
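As an added illustration of verifying a renewal notice (this code is not from the article or from Gawande's analysis), the Python sketch below checks a message for the traits described above: a payment link pointing away from the provider, no specific domain named, and urgency wording. The trusted host list, the owned domain, the urgency patterns and the sample email are all constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumptions for this sketch (not from the article): hosts a genuine renewal
# link may point to, and the domains this administrator actually owns.
TRUSTED_HOSTS = ("wordpress.com",)
OWNED_DOMAINS = ("example-blog.org",)
URGENCY = re.compile(r"\b(immediately|urgent|suspended|expires? today|final notice)\b", re.I)
HREF = re.compile(r'href=["\'](https?://[^"\']+)["\']', re.I)

def host_trusted(host):
    """True only for a trusted host or one of its subdomains."""
    host = (host or "").lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)

def html_body(msg):
    """Return the first text/html part of the message, decoded."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True)
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def review_renewal_notice(raw):
    """Return a list of findings; an empty list means nothing was flagged."""
    body = html_body(message_from_string(raw))
    findings = []
    for url in HREF.findall(body):
        host = urlparse(url).hostname
        if not host_trusted(host):
            findings.append(f"link to untrusted host: {host}")
    if not any(d in body.lower() for d in OWNED_DOMAINS):
        findings.append("no owned domain named in notice")
    if URGENCY.search(body):
        findings.append("urgency wording")
    return findings

# Constructed sample message modelled on the description above.
SAMPLE = """From: Billing <billing@renew-portal.example.net>
To: admin@example-blog.org
Subject: Domain renewal required
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your domain expires today. Renew immediately.</p>
<a href="https://renew-portal.example.net/pay">Renew now</a></body></html>
"""

if __name__ == "__main__":
    print(review_renewal_notice(SAMPLE))
```

An empty result is not proof that a notice is genuine; renewing by signing in to the provider directly rather than through an emailed button avoids relying on the message at all.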
