Attackers are sending spoofed “Email Delivery” notifications that redirect through cbssports[.]com to a phishing site on mdbgo[.]io which harvests credentials via an obfuscated site and a websocket for instant exfiltration and possible 2FA prompts. Unit42 alerted to similar campaigns; this variant includes base64-encoded spoofed addresses in links and personalized fake login…