Let me start off this blog post with a question. What do you think of when you hear the words heat stroke? According to Wikipedia, “Heat stroke, also known as sun stroke, is a type of severe heat illness that results in a body temperature greater than 40.0 °C (104.0 °F) and confusion. Other symptoms include red skin, headache, and dizziness. … Heat stroke occurs because of high external temperatures or physical exertion.”
That is what I thought about when I saw the article “‘Heatstroke’ Campaign Uses Multistage Phishing Attack to Steal PayPal and Credit Card Information,” which was posted on the 29th of August on Trend Micro’s Security Intelligence Blog. In this article, Heat Stroke is not two words, it’s one, and boy does it have nothing to do with the sun.
As I write this blog post, I’ve returned home from an appointment and it was already 84 degrees at 10 am. We have what’s called a heat advisory for the area, and it’s prolonged heat for many hours of the day.
We can take the heat advisory and weather discussion to this blog post, because the campaign is described as a multi-staged attack to get information such as PayPal credentials, Apple credentials, or anything else the developers wish to extract from the victim who gets the message. The name comes from something in their code, and that’s how most of these are named. It’s fascinating that it would be called Heatstroke, because it has legit-looking web pages even though it redirects users based on criteria. This is quite interesting, and I found it fascinating how the actors behind this don’t deliver it to certain people if certain conditions are met, and yet the landing pages know this.
What bothers me about this whole reading is the fact that the page seems to do nothing until everything is validated. The actors went to great lengths to validate the authenticity of the data, especially credit card data. I would recommend reading the attached article about this threat, and let’s make sure we pass this along to our readers and listeners. Thanks for listening!