Pocket Card Users Under Attack Via Sophisticated Phishing Campaign

A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The landing pages are nearly indistinguishable from the official Pocket Card authentication portal, featuring properly implemented SSL certificates to display the padlock icon that many users associate with security. This deobfuscation routine unpacks additional malicious code that performs the credential exfiltration through encrypted channels to command and control servers, making detection particularly challenging for security solutions. The malicious actors behind this attack employ convincing Pocket Card branding, accurate formatting, and contextually relevant messaging to trick recipients into interacting with seemingly benign attachments or embedded links. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. These messages prompt users to review suspicious activity or verify their credentials by clicking on embedded links that redirect to meticulously designed phishing pages. This sophisticated phishing campaign represents an evolving threat to financial service customers, combining social engineering with advanced technical evasion techniques. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Broadcom researchers noted the campaign after observing a spike in credential harvesting attempts targeting financial services customers. Their analysis revealed that these attacks use a sophisticated multi-stage payload delivery system designed to bypass traditional email security filters. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. INTERPOL led a multi-national law enforcement operation dubbed "Operation Red Card," which has resulted in the arrest of over 300 suspected cyber criminals. The attack vector primarily leverages emails purporting to be security alerts, transaction confirmations, or account verification notices. The infection process begins when victims click the malicious link, triggering a JavaScript-based redirect chain that ultimately loads the phishing page. The researchers noted that the campaign employs domain typosquatting, with URLs such as “pocket-card-secure.com” and “pocketcard-verification.net” to enhance legitimacy. The campaign, active since early March 2025, has already compromised an estimated 3,000 accounts, resulting in unauthorized transactions and credential theft. The extension functions as a formgrabber, harvesting additional authentication details across multiple financial websites.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 24 Mar 2025 15:05:04 +0000


Cyber News related to Pocket Card Users Under Attack Via Sophisticated Phishing Campaign

Pocket Card Users Under Attack Via Sophisticated Phishing Campaign - A highly targeted phishing campaign is currently exploiting Pocket Card users through elaborately crafted emails that appear to originate from the legitimate financial service provider. The landing pages are nearly indistinguishable from the official ...
2 months ago Cybersecuritynews.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
1 year ago Cyberdefensemagazine.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
USPS Delivery Phishing Scam Exploits SaaS Providers to Steal Data - A new USPS Delivery Phishing Scam has surfaced, in which scammers are exploiting Freemium Dynamic DNS and SaaS Providers to steal victims' login credentials and other data. Cybersecurity researchers at Bloster AI have uncovered a new USPS Delivery ...
1 year ago Hackread.com
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PysOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
1 year ago Darkreading.com
Phishing kits now vet victims in real-time before stealing credentials - Even if they were allowed to use the real target's address, the analysts comment that some campaigns go a step further, sending a validation code or link to the victim's inbox after they enter a valid email on the phishing page. However, with this ...
1 month ago Bleepingcomputer.com
Arrests in Tap-to-Pay Scheme Powered by Phishing – Krebs on Security - Asked for specifics about the mobile devices seized from the suspects, Lyon said “tap-to-pay fraud involves a group utilizing Android phones to conduct Apple Pay transactions utilizing stolen or compromised credit/debit card information,” ...
2 months ago Krebsonsecurity.com
AI-Powered Phishing Detection - Does It Actually Work? - Unlike traditional methods that rely on identifying known threats, AI-powered systems analyze patterns and behaviors to detect anomalies indicative of phishing attempts. The rise of artificial intelligence (AI) has brought new hope to combating these ...
1 month ago Cybersecuritynews.com
Telegram is a Wide-Open Marketplace for Phishing Tools - The encrypted messaging app Telegram has become a veritable marketplace for bad actors who want to launch effective phishing campaigns on the cheap, essentially democratizing the cyberthreat, according to researchers at cybersecurity firm Guardio. ...
1 year ago Securityboulevard.com
CVE-2008-7092 - Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a ...
7 years ago
Preventing Credit Card Fraud with PoS Malware: How Prilex Blocks Contactless Payments - New versions of the Prilex point-of-sale malware can block secure, NFC-enabled contactless credit card transactions, forcing consumers to insert credit cards that are then stolen by the malware. On a payment terminal, contactless transactions use NFC ...
2 years ago Bleepingcomputer.com
Spotting Phishing Attacks with Image Verification Techniques - Phishing refers to the tactic used by scammers who impersonate reputable brands and lure victims to click on suspicious links so that they can breach the privacy and sensitive data of individuals. You can call image-based phishing a relatively ...
1 month ago Cybersecuritynews.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
1 year ago Hackread.com
Is Your Online Store Hacked in a Carding Attack? - Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using carding attacks as we gear up for the holiday season shopping. Online companies selling products or services are struggling with the growing ...
1 year ago Cybersecuritynews.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
Beware of Weaponized Amazon Gift Cards That Steals Microsoft Credentials - This new attack vector disguises malicious links within seemingly legitimate Amazon gift card emails, creating a perfect social engineering trap that leverages both financial incentives and corporate trust. Upon clicking the “View My eGift ...
1 month ago Cybersecuritynews.com
Beware of Fake Unpaid Toll Message Attack to Steal Login Credentials - Security analysts note that these toll scam campaigns achieve approximately 5% success rates – substantially higher than traditional email phishing attacks – demonstrating the effectiveness of this multi-stage approach that combines SMS messaging ...
1 month ago Cybersecuritynews.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
1 year ago Bleepingcomputer.com
Yodobashi Camera Users Under Attack from a New Wave of Phishing Attack - Cybersecurity firm Symantec reported the campaign, which uses emails titled “Yodobashi.com: ‘Customer Information’ Change Request Notification” to trick recipients into visiting fake login pages. A new wave of phishing attacks impersonating ...
3 months ago Cybersecuritynews.com Qilin
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
1 year ago Hackread.com
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack - A sophisticated phishing campaign dubbed “PoisonSeed” has emerged targeting customer relationship management (CRM) and bulk email service providers in a concerning supply chain attack. Security researchers have observed the campaign ...
1 month ago Cybersecuritynews.com Scattered Spider
Qbot malware returns in campaign targeting hospitality industry - The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer. In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's ...
1 year ago Bleepingcomputer.com