via Help Net Security
Remember the phishing attack against government officials and political activists that was disrupted by Google in June? Well, it’s far from over.
The goal remains the same – the attackers are still after Gmail login credentials of personal email accounts belonging to military and government employees and associates. The approach is also similar to the previous one, as the potential victims are again targeted with specially crafted emails.
This time, though, the attackers do not offer an attachment that leads to a phishing page mimicking Google’s login page, but have made the email look like a form for activating a subscription to a number of publications by The Center for a New American Security (CNAS), a Washington-based think tank.