Royal Ripper: Multi-Stage Phishing Attack Adapts to Victim Input

PhishLabs is monitoring a multi-stage phishing campaign that impersonates government entities and telecoms to target financial institutions and their customers. The threat actor behind the attacks has been designated Royal Ripper. The initial stage of the attack harvests personal information and the sort code of the victim’s bank. It then uses the sort code to redirect the victim to a second phishing site that poses as their bank. This progression allows the threat actor to use a non-banking lure to draw in victims and ultimately steal their online banking credentials. 

 

Advertise on IT Security News.