You are here

Security Awareness – Stolen Credentials from Xerox-themed Phishing Campaign Publicly Exposed

Security Awareness – Stolen Credentials from Xerox-themed Phishing Campaign Publicly Exposed

Created: Thursday, January 21, 2021 - 14:10
Categories:
Cybersecurity

If your organization uses Xerox multifunctional devices (and even if it doesn’t) this incident may be of interest. It seems attackers inadvertently exposed more than 1,000 stolen corporate credentials obtained through a Xerox-themed phishing campaign. While 1,000 credentials may not seem significant, this incident represents a typical lure that staff are likely to fall for, especially if your organization uses Xerox devices. According to Check Point, the campaign began in August 2020 using emails purporting to be Xerox scan notifications to lure victims into clicking malicious HTML attachments. Given the campaign managed to bypass email filters (Microsoft Office 365 Advanced Threat Protection), this would make a good security awareness reminder to provide to your organization’s best line of cyber defense (your staff). Read more at threatpost.