Introduction

A recent phishing campaign has been exploiting fabricated news about an assassination attempt on President-elect Donald Trump [2]. This campaign primarily targets the professional services and mining sectors by using false claims to deceive victims.

Description

A phishing campaign is using a fabricated story about an assassination attempt on President-elect Donald Trump to lure victims [2], particularly in the professional services and mining sectors [1]. The fake story, which falsely claims to come from The New York Times, suggests Trump is in critical condition after being shot by Iranian agents and states that the information is “classified” [2]. Attackers enhance the credibility of their scheme by impersonating reputable brands, including news organizations [2], and by using emails that feature a relevant sender name and a seemingly legitimate email address. These emails often personalize the content by addressing the victim directly and contain a high-impact lure that encourages recipients to click a link leading to a credential phishing page [1].

After clicking the link, victims are presented with a misleading explanation for why they need to log in to their company accounts [1]. Although the phishing page does not closely resemble The New York Times website, it briefly displays a paid account sign-up image before redirecting victims to a semi-legitimate login portal [1]. This portal is customized with the victim’s company logo and name, as well as personal information such as browser type and geolocation [1], which enhances its believability [2].

Ondrej Kubovic, a Security Awareness Specialist at ESET, noted that the phishing form is dynamically loaded, meaning its content can change based on the victim’s organization [2]. In one instance shared by ESET, the form used ESET branding [2]. ESET has been actively detecting and blocking the emails, scripts, and URLs associated with this campaign since November 13, 2024, and has informed other security vendors [2]. The firm is currently identifying hundreds of new phishing websites daily that impersonate various organizations, aiming to harvest victims’ contact information for fraudulent investment schemes [2]. This campaign exemplifies how threat actors exploit current events, such as the US presidential election, to manipulate emotions and entice individuals into engaging with malicious content [1].
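
For mail-gateway or SOC triage, the email traits described above (a news-brand sender name, a high-impact lure, and a link that leaves the brand's own site) can be checked mechanically. The following is an added example, not code from Cofense or ESET; the brand-to-domain map, the `triage` function, and the sample message with its placeholder hosts are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand name -> domains the real publisher sends from and links to.
BRAND_DOMAINS = {"new york times": {"nytimes.com"}}
# Lure wording taken from the campaign described above.
LURE_TERMS = ("assassination", "critical condition", "classified")

def _under(host, domains):
    """True if host equals or is a subdomain of one of the given domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw):
    """Return the list of campaign traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    text = f"{display} {msg.get('Subject', '')} {body}".lower()
    hits = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in text:
            continue
        hits.append(f"claims-brand:{brand}")
        # The sender address may merely look legitimate; compare its domain.
        if not _under(addr.rpartition("@")[2], domains):
            hits.append("sender-domain-not-brand")
        urls = re.findall(r"https?://[^\s\"'<>]+", body)
        hosts = {urlparse(u).hostname for u in urls}
        off = sorted(h for h in hosts if h and not _under(h, domains))
        hits += [f"off-brand-link:{h}" for h in off]
    hits += [f"lure:{t}" for t in LURE_TERMS if t in text]
    return hits

# Constructed sample message; every address and host is a placeholder.
SAMPLE = """From: "The New York Times" <alerts@news-desk.example>
To: j.doe@victim-corp.example
Subject: CLASSIFIED: Trump in critical condition

Dear J. Doe,
Read the classified report before it is removed:
https://portal.login-check.example/report?id=1
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print(hit)
```

A message that claims the brand and also carries an off-brand link plus lure wording is a candidate for quarantine and analyst review; the brand claim alone is not, since genuine newsletters match it.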

Conclusion

This phishing campaign highlights the sophisticated tactics employed by cybercriminals to exploit current events and manipulate emotions. The use of reputable brand impersonation and personalized content increases the likelihood of success. Organizations must remain vigilant, employing robust security measures and educating employees about such threats. As cyber threats continue to evolve, collaboration among security vendors and ongoing awareness efforts are crucial in mitigating risks and protecting sensitive information.

References

[1] https://cofense.com/blog/cofense-intelligence-identifies-u-s-presidential-assassination-themed-phishing-campaign
[2] https://www.infosecurity-magazine.com/news/fake-trump-assassination-phishing/