During the past couple of weeks Cyveillance has noticed an increase in the amount of phishing activity targeting Internet Service Providers (ISPs). While credentials stolen from the ISP-targeted attacks do not offer much direct financial gain for the phishers, they do offer a wealth of user information that can be leverage in other phishing or spear phishing attacks.
Commonly, phishers will utilize information obtained from non-financial attacks such as ISPs to launch other social engineering attacks. For example, information such as the potential victim’s email address, telephone number, physical address and other information can be obtained from a compromised ISP account. The phisher will incorporate this data in a direct email or phone call to the potential victim in order to establish credibility. Once the credibility has been established, the likelihood for the victim to divulge sensitive information increases substantially.