“Half the words are capitalised and letters are replaced with asterisks; examples include keywords ‘email’ and ‘password’.

Additionally, when users enter their credentials, they are seen in the simple text in place of asterisks, elevating a red flag.

The login page is not always real. Once the user enters credentials, the records are then forwarded to the threat leads through Google Drive.

The Cofense Phishing Defense Center was alerted by the company’s clients about the campaign.

However, the reach of this particular marketing campaign has yet to be yet assessed.