Summary: A recent report reveals a shift in credential harvesting tactics, with attackers now targeting lesser-known services like Gravatar and telecommunication companies such as AT&T and Comcast. By exploiting Gravatar’s “Profiles as a Service,” attackers create fake profiles to deceive users into revealing their login credentials. This evolution in phishing tactics highlights the need for increased vigilance and security measures among users.
Threat Actor: Unknown | credential harvesting
Victim: Various Users | Gravatar, AT&T, Comcast
Keypoints :
- Attackers are targeting a wider range of cloud applications, including Gravatar and telecom services.
- Fake profiles are created to impersonate legitimate services, tricking users into providing credentials.
- Users are urged to verify URLs, scrutinize emails, and use strong passwords with two-factor authentication.