In its investigation into the hackett.org hacking campaign, KrebsOnSecurity discovered that the hackett.org operators had acquired several new domains registered by users of the site, one of which was the handle phishing.com. The site, which claims it sells information about web applications, contains a button to « Pay for services » to obtain sensitive information. Users then click on the link, which asks to submit an email address and password that they will need to set up phishing accounts.
In one of his posts in the hacked phishing.com email, phishing.com administrator Andrew « totus » Gottwald claims to have obtained about 600,000 phishing emails that had been여주출장안마출장 안마 sent by « users of phishing.com. » He says that these include those sent by phishing websites, but also those that may have been sent by legitimate email marketing websites and also by phishing websites selling malware, which is a type of online fraud known as identity theft.
In addition, Gottwald adds that, based on his research, there is also evidence that the email address phishing.com uses is « also a real one. »
In his post on phishing.com, Gottwald claimed that more than half of phishing emails sent via the hacked phishing.com address have the words « pinkbike » as an attachment. The attachments include the following message:
A screenshot of phishing.com hacked email content. This is one such link that appears in the phishing.com email account that is the focus of the KrebsOnSecurity investigation.
In addition to spam emails containing the same image that has been posted on the phishing.com website, another message attached to that mail shows a link to a web site for an educational video called « The Truth About Phishing: How You Can Defeat It Today. » The link is a link to the download site, phishing.videos, that has been used to create phishing emails and download links that are supposed to fool people into clicking on them.
The email attachment to phishing.videos.com also contains the phrase « We are confident that all of the above links will work to take out your privacy. » It does not mention that a number of phishing websites, including phishing.com, also use similar language.
In order to view the messages, which were sent on June 16 and 17, the victims had to visit their respective phishing sites and enter their email addresses