Scammers are attempting to harvest more than one set of credentials

In what looks to be an attempt at getting more for less, scammers behind a number of recent Phishing attacks are attempting to harvest more than one set of credentials from a single source.

Examining a set of shortened URLs, which were pointed at hosted Phishing websites, researchers from Trend Micro discovered that the person(s) behind the scheme were allowing the victim to enter credentials from various sources.

In one example, the website allows the victim to select between Yahoo, AOL, Windows Live, Gmail, or – if they wish – any other account via an option labeled “Other emails.”

The credentials are requested in order to access the Phishing lure. In this case, the lure is a website designed to mimic Facebook, Google Docs (despite the fact the service is now called Google Drive), Microsoft’s OneDrive, or various property pages.

“It’s interesting to note that the pages accept any words or even gibberish typed in – a sure sign that the pages are more concerned with collecting data,” the Trend Micro blog explained.

“After signing in, users may encounter a ‘loading’ or ‘server error’ notification before they are led to the actual site. For example, users who visit the ‘Google Docs’ site are led to a shared document about intentions for prayers.”

The fact that the attack redirects the victim to the actual website shows that the criminals are hoping to keep the attack alive as long as possible. However, given that the forms accept any input, clearly all they’re after is the credentials.

As far as awareness goes, it’s a good idea to remind users that shortened URLs shouldn’t be trusted unless they’ve come from a known / valid source.
However, it’s rare to see them in legitimate work-related messages, and most personal correspondence avoids them as well.

If someone does follow a maliciously shortened link, traditional anti-Phishing training should still come into play, as the URLs in this particular attack – and others like it – are easily identified by examining the address bar.
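
The traits described above (one password form offering several unrelated mail providers, plus an “Other emails” catch-all, served from a host that belongs to none of them) can be turned into a simple triage heuristic. This is an added example, not code from Trend Micro or the original article; the provider-to-domain map, the `assess` function and the sample form are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Labels the article lists, mapped to domains assumed to host each real login.
PROVIDERS = {"yahoo": ("yahoo.com",), "aol": ("aol.com",),
             "windows live": ("live.com",), "gmail": ("google.com", "gmail.com")}
CATCH_ALL = "other email"  # matches the "Other emails" option

# Constructed sample of the form the article describes (not a captured page).
SAMPLE = """<form method="post"><select name="provider">
<option>Yahoo</option><option>AOL</option><option>Windows Live</option>
<option>Gmail</option><option>Other emails</option></select>
<input type="text" name="email"><input type="password" name="pass"></form>"""


class LoginPage(HTMLParser):
    """Collects visible text, common label attributes and password fields."""
    def __init__(self):
        super().__init__()
        self.labels, self.has_password = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        self.labels += [a[k] for k in ("alt", "title", "value", "placeholder") if a.get(k)]

    def handle_data(self, data):
        if data.strip():
            self.labels.append(data)


def assess(url, html):
    """Return (suspicious, reasons) for a page body and the URL it was served from."""
    host = (urlsplit(url).hostname or "").lower()
    page = LoginPage()
    page.feed(html)
    if not page.has_password:
        return False, []
    text = " ".join(page.labels).lower()
    offered = [p for p in PROVIDERS if p in text]
    # A provider is "foreign" when the serving host is not one of its domains.
    foreign = [p for p in offered if not any(
        host == d or host.endswith("." + d) for d in PROVIDERS[p])]
    reasons = []
    if len(offered) >= 2 and foreign:
        reasons.append("one password form for several providers: " + ", ".join(offered))
    if CATCH_ALL in text:
        reasons.append("accepts credentials for any email provider")
    return bool(reasons), reasons
```

The result is a triage signal for a mail gateway or proxy sandbox, not a verdict: substring matching on labels can misfire, so flagged pages still need review.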