Read more from Author Melissa Galbraith here: https://globelivemedia.com/author/melissa-galbraith/
The cybersecurity company Check Point Research has discovered a Internet scam campaign that has accidentally made illegally obtained credentials available to the public through a Google search.
The campaign of Phishing, a computer term that defines a method used by cybercriminals to scam and fraudulently obtain confidential information, began last August through the sending emails posing as Xerox scan notifications, as detailed by the Globe Live Media agency.
The cybersecurity companies that have discovered this event have revealed that these emails prompted users to open a malicious HTML attachment that bypassed Microsoft Office 365’s Advanced Threat Protection (ATP) filter. Once they proceeded to do so, they were redirected to a login page.
More than 1,000 people affected
By applying this method, cybercriminals they managed to obtain the credentials of more than a thousand people. This data was stored in a text file hosted on WordPress servers controlled by cyber criminals, who they ended up exposing them by mistake on the Internet, since the folder where they were stored was indexed by Google, thus allowing the information to be accessible to any user.
“The cybercriminals’ strategy was storing the stolen information on a specific web page that they created themselves to, after deceiving their victims, collect all the data stored on these servers. However, what they didn’t think was if they were able to crawl the web for this information, Google could too. This was clearly a failed security operation for the cybercriminals,” the technical director of Check Point for Spain and Portugal, Eusebio Nieva, explains to Globe Live Media.