EvilProxy Phishing Attack Targets Indeed Job Platform

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

A new phishing campaign has emerged, specifically targeting high-profile US executives. This campaign takes advantage of open redirects from the jobs platform Indeed and employs EvilProxy to pilfer session cookies. Stolen session cookies bypass all authentication mechanisms, including multi-factor authentication (MFA), potentially granting unauthorized access to attackers.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.