FBI cracks down on ‘anonymity’ of cryptocurrency, secret domain registrars in Scattered Spider probe

According to information filed with California federal judge Margo Rocconi by an anonymous FBI agent, the suspects used a number of techniques to trick victims into trusting the phishing links. First, the link appeared to come from the domain of the victim’s employer. Second, the attackers invoked the name of an enterprise security vendor, Okta, by adding “-okta.net” to the end of the visible part of the phishing domain name.

The attackers then used a domain registrar called NameCheap, which claims to offer “private domain registration” and touts, in a mocking statement provided to the customers in question here, that it allows customers to “remain protected from fraud and identity theft. Your contact information will be hidden from the public Whois database.”

The suspects then used a fake username (a celebrity name associated with contempt) and a free email address from Gmail. “These records indicated that both phishing sites were registered on June 2, 2022 – the same date that Victim Companies 1, 2, and 3 were targeted in the phishing scheme,” the FBI filing said.
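The naming pattern and the same-day registration described above can be turned into a defensive check for mail or proxy logs. The following is an added example, not code from the FBI filing or from this article; the trusted-domain list, the employer name `examplecorp`, the function names and the sample hostnames are constructed assumptions.

```python
from datetime import date

# Assumption: the organization's genuine identity-provider hosts sit under these domains.
TRUSTED_IDP_DOMAINS = {"okta.com"}
VENDOR_BRANDS = ("okta",)


def registrable_domain(hostname):
    """Simplified to the last two labels; use a Public Suffix List library in production."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def lookalike_reasons(hostname, employer_names, registered_on=None, seen_on=None):
    """Return the reasons a hostname matches the '<employer>-<vendor>' lookalike pattern."""
    reasons = []
    reg = registrable_domain(hostname)
    if reg in TRUSTED_IDP_DOMAINS:
        return reasons  # e.g. examplecorp.okta.com: brand is the real registrable domain
    name = reg.split(".")[0]  # e.g. "examplecorp-okta"
    for brand in VENDOR_BRANDS:
        if name.endswith("-" + brand):
            reasons.append(f"vendor brand '{brand}' appended to registrable name")
            prefix = name[: -len(brand) - 1]
            if prefix in employer_names:
                reasons.append(f"employer name '{prefix}' used as prefix")
    # Registration on (or one day before) the first sighting strengthens a pattern match.
    if reasons and registered_on and seen_on:
        if 0 <= (seen_on - registered_on).days <= 1:
            reasons.append("domain registered within a day of first sighting")
    return reasons


if __name__ == "__main__":
    # Constructed sample rows: (hostname, WHOIS creation date, date first seen in logs)
    samples = [
        ("examplecorp-okta.net", date(2022, 6, 2), date(2022, 6, 2)),
        ("examplecorp.okta.com", date(2009, 1, 1), date(2022, 6, 2)),
        ("example.org", date(2010, 1, 1), date(2022, 6, 2)),
    ]
    for host, created, seen in samples:
        print(host, lookalike_reasons(host, {"examplecorp"}, created, seen))
```

Private Whois registration hides the registrant but not the creation date, so the age check still works for domains registered this way.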

