• Spoof Eventbrite phishing emails look to lure in victims in major

    From TechnologyDaily@1337:1/100 to All on Wednesday, October 30, 2024 17:30:05
    Spoof Eventbrite phishing emails look to lure in victims in major attack

    Date:
    Wed, 30 Oct 2024 17:03:00 +0000

    Description:
    Hackers are increasingly abusing Eventbrite to send emails that can bypass filters and protections.

    FULL STORY ======================================================================

    Cybercriminals are increasingly abusing Eventbrite to run successful phishing campaigns, experts have warned.

    A report from cybersecurity researchers Perception Point claims to have observed a 900% growth in the rate of such email attacks recently.

    The method is quite simple - a malicious actor will register an account with Eventbrite, and set up a fake event under the guise of a reputable brand,
    with crooks already impersonating the likes of airline Qantas, toll ecollection system Brobizz , web hosting platform One, DHL, EnergyAustralia, and Qatar Post. Phishing deluge

    Creating an event then allows the hackers to create emails through the Eventbrite platform, which is where they draft the phishing messages.

    These emails can include text, images, and links, all of which are prime opportunities for attackers to smatter in malicious content, the researchers explained. The attacker then enters their list of targets (or attendees) and sends them the invite email.

    Eventbrite is an online platform where users can create, promote, and manage different events. Organizers can use it to sell tickets, and track
    attendance. Its tools can support different events, from concerts and festivals to workshops and conferences. On the other hand, consumers can use it to browse different events and purchase tickets.

    Obviously, the tool also has its own mailing system, through which it can notify users of new events, changes in schedule, and more. Now, security pros are saying that this mailing system is being abused to send phishing messages that are more likely to bypass any email security set up.

    In the usual phishing manner, victims are asked to urgently login to solve a problem, and during the process, they share personal information such as
    login credentials, tax identification numbers, phone numbers, credit card details, and more.

    What makes this phishing campaign particularly dangerous is the fact that all emails are sent from the noreply@events.eventbrite.com domain - a trusted
    name that also makes it past different email filters. More from TechRadar Pro New method for phishing discovered for Android and iPhone users Here's a list of the best firewalls today These are the best endpoint protection tools
    right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/spoof-eventbrite-phishing-emails-look-t o-lure-in-victims-in-major-attack


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)