The FBI has issued a public warning in connection with a phishing campaign targeting customers of high-profile brands.
The campaign, known as brand phishing, involves targeting phishing landing pages via various means including text messages, spam emails or web and mobile applications.
In an attempt to steal payment information and user credentials, attackers embellish login forms or malware into phishing sites that are sent to targets.
They also create tools to deceive targets and provide information to help them bypass security protections.
According to the FBI, “When cybercriminals gain access to a consumer’s online and email accounts, cybercriminals may be able to intercept emails with 2FA codes that are used to make significant changes to online accounts, update passwords, verify user access, or change security rules and set up before the account owner is notified and aware.”
With this in mind, private organizations are advised to remain vigilant, to evaluate their internal security policies and to ensure that their consumers are provided with the necessary information on account security protocols.
For more information, read the original story in BleepingComputer.