CyberWire Daily Leveling up their credential phishing tactics. [Research Saturday]
14 snips
May 17, 2025 
Max Gannon, Intelligence Manager at Cofense, explores the escalating tactics of credential phishing. He discusses how cybercriminals are using precision validation to target high-value victims with tailored attacks. This technique enhances their phishing campaigns by validating email addresses in real time, making detection increasingly difficult for defenders. Gannon also emphasizes the importance of strong communication within organizations to counter these threats and protect sensitive information, particularly in critical sectors like oil and gas.
AI Snips
Chapters
Transcript
Episode notes
Precision-Validated Phishing Tactic
- Precision-validated phishing uses real-time email validation to target only high-value recipients within phishing campaigns.
- This technique exploits how SOCs analyze phishing emails, making detection significantly harder.
Threat Actors Exploit SOC Weakness
- The threat actors show a good understanding of SOC procedures despite using simple techniques.
- This strategic use of basic methods increases their attack effectiveness significantly.
Microsoft Phishing Campaign Example
- Max detailed a Microsoft credential phishing campaign using email validation to progress through the phishing steps.
- They used a targeted email from the phishing list to successfully advance and extract credentials.