One of the quickest ways for an attacker to harvest financial data, credentials, and sensitive personal information is through phishing. These social engineering attacks can typically be found masquerading as a trusted or recognizable service, intent on tricking unsuspecting users into submitting sensitive information on the attacker’s customized web page.

Criminals use phishing because it can be easier to exploit a human’s natural inclination to trust rather than look for new ways to exploit a software vulnerability — it’s often easier to trick a user into giving up their password than trying to hack the password using brute force or dictionary attacks, unless of course the target happens to be using really weak credentials.

Continue reading DHL Phishing Page Uses Telegram Bot for Exfiltration at Sucuri Blog.