Wednesday, January 20, 06:48
Home security Business Phishing: Fake login box for entering access details

Business Phishing: Fake login box for entering access details

A business-targeted phishing campaign uses the official website of a company, trying to trick potential victims into entering their fake credentials.

The attack starts with an email that's supposed to come from the company's technical support team informing the user that some emails have been blocked from incoming.

To make it feel like something urgent, the message from the attacker states that the emails have planned to be deleted and that in order for something like this not to happen o recipient must open them and retrieve them.


A link to the body text of the email takes the potential victim to the phishing page, where the company homepage loads automatically. However, the attackers added a fake login box so that the users to place the access details. So we have a seemingly legit page with a malicious login box. This way even users who suspect it may be attack, can click on links or mouse-over, see that they are not fake and proceed to enter their details.

Cofense's Dylan Main states in a blog post that the links to this phishing campaign come from the same domain ("traximgarage [.] Com") but have specific parameters to load the webpage corresponding to the target company.

In the fake login box in the field where the user enters the "username" the recipient's email is also displayed. This confuses the user even more.

Although this method may not be very successful in smaller companies, it may prove effective in larger companies. Companies where employees are more likely to rely on corporate systems protection and be less careful when entering their credentials.


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehc
Be the limited edition.



The creator of PUBG is planning an IPO worth $ 27,2 billion! Ο δημιουργός του PUBG, Kim Chang-han, σχεδιάζει IPO (Αρχική Δημόσια Προσφορά ή εισαγωγή στο χρηματιστήριο) η...

Slack: How to turn off automatic conversion to Emoji

Emoji are everywhere now. In many applications - such as Slack - you can not type a simple emoticon based on ...

Malware FreakOut: Infects "Linux hosts" that run vulnerable software

An active malicious campaign is currently targeting critical Linux devices running software. Its purpose is to infect ...

Facebook Messenger vs WhatsApp: Which is worse for privacy?

In recent days, WhatsApp has been at the center of discussions, due to issues that have arisen regarding the privacy of ...

Apple sued! They want to remove Telegram from the App Store

Although Telegram has become very popular in the world in recent days, it also receives a lot of negative reviews. A former ambassador of ...

VLC for macOS has been updated with full support for M1 Macs

VLC is one of the most popular media players and the macOS version is currently receiving a major update with full ...

Google Maps adds precise details to 4 city roadmaps

The Google Maps app received an update in August last year, which added more color to the physical maps to ...

Smartwatches may detect COVID-19 symptoms

Smartwatches and fitness wearables can play a valuable role in the early detection of COVID-19, according to some recent studies. Researchers from ...

The incidence of sextortion increased significantly during the pandemic period

With the outbreak of the COVID-19 pandemic, countries around the world have entered a lockdown regime, in an effort to ...

SpaceX launches the first Starlink satellite for 1

SpaceX will launch 60 satellites from the Kennedy Space Center in Florida on Wednesday. This will be the first launch of ...