Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes
A sophisticated cyber threat group known as Ghostwriter has been leveraging phishing tactics that mimic official Google alerts to deceive users into divulging their login credentials and two-factor authentication (2FA) codes. This campaign, detailed by the Polish Computer Emergency Response Team (CERT Polska), targets both individuals and organizations.
Phishing Emails: Mimicking Official Alerts
The emails sent by Ghostwriter appear to come from legitimate Gmail addresses such as [email protected], [email protected], or [email protected]. These messages are designed to look like official Google notifications, often warning users about suspicious activity on their accounts. The deceptive nature of these emails is heightened by the use of familiar branding and language.
Phishing Flow: A Multi-Stage Process
The phishing flow consists of several stages:
- Initial Email: Recipients receive an email that appears to be from Google, alerting them to potential security threats or account issues.
- Redirect to Phishing Page: The emails contain links directing victims to a fake login page hosted on domains like `mailverify.digital`, `check-mail-
Read the full article at Cyber Security News





