A sophisticated phishing campaign in April-May 2025 exploited legitimate Nifty.com infrastructure to impersonate business workflows and harvest credentials, bypassing traditional email defenses. Raven’s analysis emphasizes the need for advanced detection techniques beyond basic email authentication for effective cybersecurity. #NiftyPhishing #CredentialHarvesting
Keypoints
- The campaign used legitimate accounts on Nifty.com to bypass email security checks.
- Multiple waves of emails varied in content, indicating automation and adaptation.
- Malicious payloads included PDF and HTML attachments with obfuscated redirect chains.
- Traditional defenses often miss this threat due to its use of real infrastructure and sophisticated evasion techniques.
- Raven recommends advanced behavioral analysis, sandboxing attachments, and scrutinizing document displaying names for detection.
Read More: https://ravenmail.io/blog/nifty-phishing