Medium
Another phishing campaign that attempts to get users to give up their WebEx credentials. The initial email claims that there is an SSL certificate issue related to WebEx that requires the user to login and verify their account. The body of the email appears professional and leverages the WebEx logo to reinforce its legitimacy. Additionally, a SendGrid link is used to hide the true destination URL. If a user clicks the link, they will be redirected to a domain with an SSL certificate and web meeting theme as opposed to the actual WebEx domain. The landing page appears to be a copy of the real WebEx login page. The first page simply asks for the user’s email address, while the second requests their password also. In order to avoid raising suspicions, after the credentials are captured by the attacker, the victim is redirected to the legitimate WebEx login page. The researchers note that they were able to find an open directory hosted on the attacker’s server containing the files that generate the fake webpage.
WebEx