Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise. What you can do to stay safe.


How is this happening? 

Attackers are running large-scale phishing campaigns, reaching tens of thousands of users, built on “code of conduct” lures. The attack begins with an email posing as an internal compliance report, complete with enterprise-style HTML templates and organization-specific names to appear legitimate. The email carries a PDF attachment that sends the user through a series of “hurdles,” including Cloudflare CAPTCHAs and intermediate staging pages, before landing on the final stage: an Adversary-in-the-Middle (AiTM) site that proxies the legitimate sign-in page. The victim's password and MFA response pass through the attacker's server to the real identity provider, and the session token the provider issues in return is captured in real time.

What is the weakness? 

This campaign exploits the urgency and pressure created by “disciplinary” or “non-compliance” lures, which make users more likely to overlook suspicious details. Because the attack proxies the real sign-in rather than imitating it, multifactor authentication (MFA) that is not phishing-resistant is bypassed: the victim completes the MFA challenge on the proxied page, the attacker relays it to the identity provider, and the session token issued afterwards is just as valid in the attacker's browser as in the victim's. The CAPTCHAs and intermediate pages also keep automated security scanners and sandbox detonation from reaching the final credential-harvesting page, so the malicious infrastructure is harder to detect and take down.

Users should: 

  • Verify the source of any “Internal Regulatory” or “Workforce Communications” emails, especially those requiring immediate action on a case log.
  • Be wary of unusual redirects, such as being asked to solve multiple CAPTCHAs or sign in to view “encrypted” compliance documents.
  • Use phishing-resistant MFA whenever possible, such as FIDO2 security keys, Windows Hello for Business, or passkeys in Microsoft Authenticator. Number-matching push approvals help against MFA-fatigue prompts but can still be relayed by an AiTM proxy, so they do not count as phishing-resistant against this campaign.

i4DM offers Password Manager, EMFA, and Cybersecurity Awareness Training that assist with: 

  • Phishing Simulations: Running realistic attack scenarios to train users to recognize sophisticated AiTM lures.
  • Strong Authentication: Implementing phishing-resistant MFA and password-less methods to protect against token theft.
  • Advanced Defenses: Configuring security features like Safe Links and Safe Attachments to neutralize threats.
  • Monitoring: Setting strict access controls and monitoring for anomalous sign-in properties or token theft, such as a session that satisfied MFA from one network being used from another shortly afterwards.
  • Contact Us or call today for more details – 410-846-9138
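The token-theft monitoring in the last bullet, and the AiTM bypass described under “What is the weakness?”, come down to one observable: a session that satisfied MFA from one network and browser is then used from a different one. Below is an added example, not code from the original post or from i4DM or Microsoft, of that correlation run over constructed sign-in records. The record format, field names, ASNs, IP addresses, user agents and the 24-hour correlation window are all assumptions made for the example; real identity-provider sign-in logs carry equivalents of each field.

```python
"""Detect a session token being used from infrastructure other than the one
where its interactive, MFA-satisfied sign-in took place (AiTM token replay)."""
from datetime import datetime, timedelta

# How long after the interactive sign-in a later use of the same session is
# still correlated against it. Assumed value for this example; tune to taste.
WINDOW = timedelta(hours=24)

# Constructed sample records. The field names are this example's own, not a
# vendor log schema; real identity-provider sign-in logs carry equivalents
# (client IP, autonomous system number, user agent, session identifier).
SAMPLE_LOG = [
    # j.doe signs in through the phishing proxy: the identity provider sees the
    # proxy's address, and MFA is satisfied because the victim completed it.
    {"ts": "2024-05-02T09:14:03Z", "user": "j.doe@example.com", "kind": "interactive",
     "mfa": "satisfied", "ip": "203.0.113.10", "asn": 64500,
     "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/124", "session": "s-7f3a"},
    # Seven minutes later the captured session is replayed from the attacker's
    # own host: different network and a different browser.
    {"ts": "2024-05-02T09:21:40Z", "user": "j.doe@example.com", "kind": "non_interactive",
     "mfa": "n/a", "ip": "198.51.100.77", "asn": 64501,
     "ua": "Mozilla/5.0 (X11; Linux x86_64) Chrome/124", "session": "s-7f3a"},
    # a.smith: a normal day. Sign-in, then token refreshes from the same
    # corporate network, including a different address within the same ASN.
    {"ts": "2024-05-02T08:55:12Z", "user": "a.smith@example.com", "kind": "interactive",
     "mfa": "satisfied", "ip": "192.0.2.15", "asn": 64496,
     "ua": "Mozilla/5.0 (Windows NT 10.0) Edg/124", "session": "s-01c9"},
    {"ts": "2024-05-02T10:02:19Z", "user": "a.smith@example.com", "kind": "non_interactive",
     "mfa": "n/a", "ip": "192.0.2.15", "asn": 64496,
     "ua": "Mozilla/5.0 (Windows NT 10.0) Edg/124", "session": "s-01c9"},
    {"ts": "2024-05-02T12:40:00Z", "user": "a.smith@example.com", "kind": "non_interactive",
     "mfa": "n/a", "ip": "192.0.2.88", "asn": 64496,
     "ua": "Mozilla/5.0 (Windows NT 10.0) Edg/124", "session": "s-01c9"},
    # A session with no interactive sign-in inside the log window: nothing to
    # compare against, so the rule ignores it rather than guessing.
    {"ts": "2024-05-02T11:05:33Z", "user": "r.lee@example.com", "kind": "non_interactive",
     "mfa": "n/a", "ip": "192.0.2.40", "asn": 64496,
     "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/124", "session": "s-9e2b"},
]


def parse_ts(value):
    """Parse the UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_token_replay(events, window=WINDOW):
    """Return one finding for each later use of a session that was established
    with MFA at one ASN / user agent and then appears from a different ASN or
    user agent within `window`."""
    anchors = {}    # session id -> the interactive sign-in that satisfied MFA
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):   # ISO-8601 'Z' stamps sort lexically
        sid = ev["session"]
        if ev["kind"] == "interactive" and ev["mfa"] == "satisfied":
            anchors.setdefault(sid, ev)     # first MFA-satisfied sign-in anchors the session
            continue
        anchor = anchors.get(sid)
        if anchor is None:
            continue
        if parse_ts(ev["ts"]) - parse_ts(anchor["ts"]) > window:
            continue
        reasons = []
        if ev["asn"] != anchor["asn"]:
            reasons.append(f"asn {anchor['asn']} -> {ev['asn']}")
        if ev["ua"] != anchor["ua"]:
            reasons.append("user agent changed")
        if reasons:
            findings.append({"user": ev["user"], "session": sid, "ts": ev["ts"],
                             "ip": ev["ip"], "anchor_ip": anchor["ip"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_token_replay(SAMPLE_LOG):
        print(f"{f['ts']} {f['user']} session {f['session']}: token used from "
              f"{f['ip']} after MFA sign-in from {f['anchor_ip']} ({'; '.join(f['reasons'])})")
```

On the constructed records the rule flags only j.doe's session, and stays quiet for a.smith's address change inside the same ASN and for r.lee's session, which has no interactive sign-in to compare against. In production this is a coarse first cut: mobile carriers and VPN exits change ASN legitimately, so the reason list is meant to be weighted and combined with the identity provider's own risk signals and token-binding features rather than treated as a verdict on its own.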