02 October 18, 13:39
Quote:Phishing attacks are nothing new, especially when it comes to spam e-mails sent in the hope of reaching the perfectly gullible victim who would click on a maliciously crafted link or open a malware dropper script disguised as an attachment.
That being said, a security researcher from San Francisco, CA, using Aurum as an online handle, has found a phishing campaign targeting Steam users using an unorthodox technique of spoofing legitimate login pages.
He found the phishing scam site, tradeit.cash, after a discussion with one of the scammers behind this phishing campaign and he noticed that the phishing website was an almost identical copy of skins.cash, a legitimate Steam trading site. From here on out things got very interesting seeing that the scammers went through the trouble of hosting their phishing site on CloudFare and even chose to use a CloudFare SSL certificate to make it as believable as possible.
Source: https://news.softpedia.com/news/unconven...2989.shtml