Phishing Indicator of Compromise list 10-07-2018

This phishingset contains 20 phishing URLs which have been spotted by the phishing hunting community.

The phishing URLs which are listed below should be considered dangerous.

We have noted down phishing attacks in this post which mimic the following environment types:

  • DropBox
  • PayPal
  • Payment
  • Banking
  • Microsoft

Found suspicious domains

  • www.paypal.com-verification.issue.direct
  • support-paypal-account-verification.com.patulihs.edu.bd
  • www.accountverificationpaymentshop.usa.cc
  • evamodinou.gr
  • audiomiracle.com
  • www-paypal-com.resolved-accounto.com
  • www.paypal.com.nofications.center
  • paypal.com.login-webapps-verification.ga
  • paypalsecure.com.tshirtino.com
  • www-paypal.com-confirmatlon.com
  • www.dropbox.com
  • limited-paypal.cf
  • exchange.humbank.com.au
  • www.tahsenk.com
  • charmosamoda.com.br
  • swaqili.com
  • nab.0nliine.tk

What is phishing

Phishing is a term which describes attacks which are performed on individuals that may hold information that is valuable to the attacker. The information that is often targeted consists but it is not limited to personally identifiable information, passwords and credit card details.



Types of phishing

There are two types of phishing, the first one is phishing itself, phishing attacks often target a wide range of individuals. The threat actor behind this attack has no specific clue on which individual is being targeted, the only thing the threat actor knows is that there is something to be gained from that user.

The second type is called spear-phishing, this attack focuses on specific individuals, the threat actor has performed research on its target and has setup an attack plan in which the individuals are likely to be lured by the threat actor. This attack is often performed by threat actors which are after intellectual property and credentials.

Protect yourself against phishing

Various security measures have been taken in order to protect you against phishing threats, but the threat actors behind the attacks are not blind, they know that these security measures exist, and they will try to bypass them, so it is important to know what you can do against phishing attacks, and how you can keep yourself safe.

Irregularities

Once you get a message which contains links, make sure to hover above the link, look carefully for any misspelling or other irregularities.

Search for the green lock

If you are requested to provide credentials or any information that is personal or valuable, then make sure that you see the HTTPS protocol in the URL, once you visit the site, the site should clearly show a green lock in the URL section of the browser.

Treat links and attachments with suspicion