Secplicity - Security Simplified

Powered by WatchGuard Technologies

Give Us Your SSN, Your Email Password, and Your Dream Job

December 22, 2021 By Josh Stuifbergen

Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details:

Username and password
Social Security Number
Email address and the email password used for 2-Step Verification
Security questions:
    What was your dream job as a child?
    Who is your favorite sports athlete or player?
    What was the food you LEAST liked or DISLIKED as a child?
    What is your favorite book/movie character?
    What was the first album you purchased?

So, you know, just a few basic details.

The phish form.

The form was hosted on a Thinkific file subdomain. Thinkific is a platform for building and hosting online courses. Because it offers a free tier, attackers can spin up an account and deploy phishing content in minutes. This is a problem with every free-tier content host, so Thinkific isn't being singled out. The phish was detected only yesterday (12/21/2021), so we expect the URL in question to be cleaned up soon.

Reviewing the HTML, we found numerous references to SunTrust Bank, even though the form carried the Hancock Whitney Bank logo. A mismatch like that often indicates a phishing kit recycled from an earlier campaign against a different bank; the relationship between the two banks is unknown to us and isn't the focus here. We do give the attackers a little credit for trying to lend the page a semblance of legitimacy by adding disclaimer text at the bottom.

Bottom of phish form.

It was easy to spot where the data would end up. The form's action in the HTML points to a usebasin[.]com endpoint (Basin is a hosted form-submission backend), visible at the bottom of the image below. Checking the form's action attribute is the fastest triage step on any suspected phishing page: the captured data goes wherever the form posts, not to the brand whose logo is on the page.

HTML code from the phish page.

We followed that link and found that it had already been cleaned up.

Destination of the form submission.
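As an added example (not code from the original post, and not part of the phishing kit), here is a small Python triage script that does what we did by hand on the HTML: it finds each form, resolves where it submits, flags a submission host that differs from the hosting site, classifies the harvested fields by name, type and placeholder, and counts brand mentions so a SunTrust/Hancock Whitney mismatch stands out. The page URL, the usebasin[.]com path and the HTML itself are constructed for illustration; only the standard library is used.

```python
"""Triage helper for a saved phishing page: where does the form post, and what does it harvest?

Added example for this article, not code from the original post or the phishing kit.
The sample page below is constructed; the hosting URL and the form endpoint path are
placeholders, not the real ones.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page (hypothetical URL and form endpoint), modelled on the form described above.
SAMPLE_PAGE_URL = "https://example-course.thinkific.com/pages/verify.html"
SAMPLE_HTML = """
<html><body>
<img src="logo.png" alt="Hancock Whitney Bank">
<form action="https://usebasin.com/f/EXAMPLE" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="text" name="ssn" placeholder="Social Security Number">
  <input type="email" name="email">
  <input type="password" name="email_password">
  <input type="text" name="question1" placeholder="What was your dream job as a child?">
  <input type="text" name="question2" placeholder="Who is your favorite sports athlete or player?">
  <input type="hidden" name="_redirect" value="https://www.hancockwhitney.com/">
  <input type="submit" value="Verify">
</form>
<p>SunTrust Bank, Member FDIC. SunTrust is a trademark of SunTrust Banks, Inc.</p>
</body></html>
"""

# Field-name / placeholder fragments that indicate what category of data a field harvests.
CATEGORY_HINTS = {
    "credential": ("user", "login", "pass", "pin"),
    "government_id": ("ssn", "social", "tax"),
    "email_account": ("email", "mail"),
    "security_question": ("question", "answer", "secret"),
}


class FormExtractor(HTMLParser):
    """Collects every <form> with its action, method and non-button inputs, plus the
    text nodes and alt/title/placeholder/value strings used for brand checks."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self.strings = []
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        for key in ("alt", "title", "placeholder", "value"):
            if a.get(key):
                self.strings.append(a[key])
        if tag == "form":
            self._form = {"action": a.get("action", ""),
                          "method": (a.get("method") or "GET").upper(),
                          "fields": []}
            self.forms.append(self._form)
        elif tag in ("input", "textarea", "select") and self._form is not None:
            ftype = a.get("type", "text").lower()
            if ftype in ("submit", "button", "reset", "image"):
                return  # buttons collect nothing; hidden fields are kept on purpose
            self._form["fields"].append({"name": a.get("name", ""), "type": ftype,
                                         "hint": a.get("placeholder", "")})

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

    def handle_data(self, data):
        if data.strip():
            self.strings.append(data.strip())


def classify_field(field):
    """Return the sorted data categories a field appears to collect."""
    blob = " ".join((field["name"], field["type"], field["hint"])).lower()
    cats = {cat for cat, hints in CATEGORY_HINTS.items() if any(h in blob for h in hints)}
    if field["type"] == "password":
        cats.add("credential")
    return sorted(cats)


def analyze_page(html, page_url):
    """Summarise each form: absolute submission URL, whether it leaves the hosting
    host, and what the fields collect. Returns (forms, collected strings)."""
    parser = FormExtractor()
    parser.feed(html)
    parser.close()
    host = urlsplit(page_url).hostname
    report = []
    for form in parser.forms:
        action = urljoin(page_url, form["action"])  # an empty action posts back to the page itself
        action_host = urlsplit(action).hostname
        categories = set()
        for f in form["fields"]:
            categories.update(classify_field(f))
        report.append({
            "action": action,
            "action_host": action_host,
            "method": form["method"],
            "off_site": action_host != host,
            "field_names": [f["name"] for f in form["fields"]],
            "password_fields": sum(1 for f in form["fields"] if f["type"] == "password"),
            "categories": sorted(categories),
        })
    return report, parser.strings


def brand_mentions(strings, brands):
    """Case-insensitive mention count per brand across text and attribute strings."""
    joined = " ".join(strings)
    return {b: len(re.findall(re.escape(b), joined, flags=re.IGNORECASE)) for b in brands}


if __name__ == "__main__":
    forms, strings = analyze_page(SAMPLE_HTML, SAMPLE_PAGE_URL)
    for f in forms:
        print(f"form posts {f['method']} to {f['action']} (off-site: {f['off_site']})")
        print(f"  fields: {f['field_names']}")
        print(f"  harvests: {f['categories']}, password fields: {f['password_fields']}")
    print("brand mentions:", brand_mentions(strings, ["Hancock Whitney", "SunTrust"]))
```

Run it against a page saved with "view source" rather than a live fetch, so nothing is sent back to the attacker's endpoint. The off-site check is deliberately simple (hostname inequality): a form that posts to a sibling subdomain of the hosting site will still be flagged, which is the right default when reviewing a page hosted on a free-tier service, and the keyword hints are a starting point to extend, not an exhaustive classifier.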

Phishing scams are everywhere. They come in all different variations, and the tactics are rarely new. You probably won't fall for the Hancock Whitney Bank example above, but mistakes do happen. Either way, this phish is a good reminder of how valuable your private information is. If you have access to a password manager, please use it. That way you can make up random answers to security questions and store them in the manager, so that if you or someone you know gets bamboozled and has sensitive data phished, the security-question answers only expose that one account instead of every other account where the same answers were reused.

If anyone asks for your email password that isn’t your actual email login page, then don’t share it!

Filed Under: Editorial Articles Tagged With: Phishing
