A credential phishing scheme targets only high-value victims by using real-time email validation. Separately, Cofense researchers have disclosed details of an email phishing campaign that uses file-deletion reminders as a lure to obtain credentials and distribute malware. The findings also follow a sophisticated multi-stage attack that gains initial access and establishes persistence by combining vishing, remote access tooling, and living-off-the-land techniques.
According to the cybersecurity firm, it is "almost as if the threat actor purposefully designed the attack to trap the user, forcing them to choose which 'poison' they will fall for." "Both options lead to the same outcome, with similar goals but different approaches to achieving them," the statement continued. "The tradecraft observed in the activity is consistent with clusters tracked as Storm-1811 and STAC5777," the company wrote in a blog post about the findings. According to the report, "this tactic not only gives the threat actors a higher success rate on obtaining usable credentials as they only engage with a specific pre-harvested list of valid email accounts." In its blog post about the new phishing technique, Cofense stated, "It improves the quality of harvested data for resale or further exploitation, increasing the efficiency of the attack and the likelihood that stolen credentials belong to real, actively used accounts."

"It seems as though the attack is purposefully meant to trap users," the cybersecurity firm stated regarding the two-pronged attack, which uses an embedded URL that appears to point to a PDF file scheduled for removal from files.fm, a reputable file storage service. When the download option is chosen, an executable that purports to be Microsoft OneDrive but is actually the ScreenConnect remote desktop program from ConnectWise is dropped, according to the company. The development coincides with the company's disclosure of information about a phishing attack that uses a fake Microsoft login screen to obtain login credentials.