Phish & Glitch: How Hackers Are Hooking Navy Federal Members
Glitch is being exploited like a free buffet, as phishing campaigns triple their traffic by hosting pages there. Targeting Navy Federal Credit Union members, these crafty crooks bypass multi-factor authentication using Telegram and even employ fake CAPTCHAs. Netskope Threat Labs urges caution—never enter sensitive info on suspicious sites!
Hot Take:
Oh dear, it seems Glitch has become the new playground for cyber tricksters! While the platform’s ‘Remix’ feature sounds like something from a DJ’s dream, it’s unfortunately turning into a cybercriminal’s paradise. Who knew that hosting a phishing page could be as simple as remixing a song? It’s like giving a kid a water gun and being surprised when they start a water fight. Time to tighten those security bolts, Glitch!
Key Points:
– Netskope Threat Labs observed a three-fold increase in phishing pages created on Glitch.
– Over 830 organizations and 3,000 users have been affected, with a focus on Navy Federal Credit Union members.
– Half of these campaigns use Telegram to steal data and bypass multi-factor authentication.
– Custom-built CAPTCHAs are used to hide phishing payloads from static web scanners.
– Attackers leverage Glitch’s free hosting features to deploy multiple phishing pages rapidly.