FourFourSeconds ago, a phishing attack on an online retailer was revealed.
A phishing campaign was sent through an email address belonging to an employee of the online retailer, who was working at the time of the attack.
This is how the attack was carried out.
The email was sent to a business email address that was used by the company’s website to send emails.
It appears that the phishing attacker managed to steal login details from this email address.
When the user opens the email and tries to log in, they are redirected to a page where they are presented with a security question and a link that takes them to a malicious website.
Once they click on the link, they download a file and then a malicious program is launched that allows the attacker to access the user’s files and data.
Once the malicious program downloads, it is then able to execute arbitrary code in the browser, which will steal passwords, login details, and other sensitive information.
The attack is currently believed to have been carried out by an unknown user or group of users.
The identity of the user is unknown and the phishers did not gain access to any sensitive data.
The phishers have been identified as an employee from a Chinese online store.
The investigation is ongoing.