Phishing Campaign Response for European Bank

This case study outlines a phishing campaign faced by a European bank, where threat actors created impersonated landing pages to steal customer credentials. The campaign utilized social engineering tactics to direct customers to these fake sites, which were subsequently sold on a private Telegram channel. SOCRadar's monitoring capabilities, which include surveillance of Telegram channels, enabled the identification of the compromised data being offered for sale. Following this discovery, a comprehensive investigation was launched that revealed the impersonated landing pages mimicking the bank's legitimate website. The findings prompted SOCRadar to inform the bank and orchestrate a takedown operation to eliminate the threat posed by these counterfeit sites. The case highlights the serious risks associated with impersonated domains and the importance of monitoring platforms like Telegram, which have become increasingly popular among cybercriminals for trading stolen data. This proactive approach allowed the bank to understand the extent of the breach and implement measures to protect their customers.