68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Presently sponsored by: Fastmail. Check out Masked Email, built with 1Password. One click gets you a unique email address for every online signup. Try it now!

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Last week I was contacted by CERT Poland. They’d observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. The campaign began with a typical email requesting more information:

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

In this case, the email contained a fake purchase order attachment which requested login credentials that were then posted back to infrastructure controlled by the attacker:

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

All in all, CERT Poland identified 202 other phishing campaigns using the same infrastructure which has subsequently been taken offline. Data accumulated by the malicious activity spanned from October 2022 until just last week.

The advice to impacted individuals is as follows:

  1. Get a digital password manager to help you make all passwords strong and unique
  2. If you’ve been reusing passwords, change them to strong and unique versions now, starting with the most important services you use
  3. Turn on multi-factor authentication wherever it’s available, especially for important accounts such as email, social media and banking
  4. Never open attachments or follow links unless you’re confident in the trustworthiness of their origin and if in doubt, delete the email